Report - snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm

Report Overview

Visited public
2023-11-16 02:36:08
Tags
natwest financial phishing suspicious
URL
snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Finishing URL
snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
IP / ASN
34.230.102.214
#14618 AMAZON-AES
Title
Log in to Online Banking
Phishing - NatWest
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
eclipse.website.yandexcloud.net	unknown	2018-08-03	2023-09-18 13:27:18	2023-11-15 19:56:03	12 kB	698 kB	213.180.193.247
l2.io	163527	2012-05-12	2015-06-25 03:31:26	2023-11-15 19:56:03	411 B	226 B	195.80.159.133
snow-foul-prepared.glitch.me	unknown	2008-07-18	2023-11-15 08:56:04	2023-11-15 20:04:18	535 B	64 kB	44.217.233.228

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-16 02:35:50	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-16 02:35:50	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-16 02:35:50	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-16 02:35:50	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-16 02:35:50	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-16 02:35:50	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-16 02:35:50	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-16 02:35:50	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-16 02:35:50	medium	Client IP	44.217.233.228	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2023-11-16 02:35:51	medium	Client IP	Internal IP	ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
2023-11-16 02:35:51	medium	Client IP	Internal IP	ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
2023-11-16 02:35:51	medium	Client IP	195.80.159.133	ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-15	medium	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	NatWest Personal Banking

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	l2.io/ip.js?var=userip	ScriptElement	24 B	2023-03-07	2025-05-09
Pretty URL l2.io/ip.js?var=userip IP 195.80.159.133 ASN #29152 Decknet S.a.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 07:36 Times Seen1137 Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	281 B	2023-09-18	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen19 Hash ebcf844952a2101399b14a349208d55f 67f1c1efa7b0e278e69419b027f5efba27130b74 cce270265eb284ce789692e3213be2de7d812672be6110c62043559626c81580 Loading...

	unknown	ScriptElement	2.5 kB	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash d330a14c8f1c84dec577cfffa3b66e0a a5bd5882a89d3bbe04afd78b389fda9f853525bf ebfd5aa298e28c4c019987b308497d5714aac93940785175d897ff0c9737e45a Loading...

	eclipse.website.yandexcloud.net/jquery-2.2.3.js	ScriptElement	259 kB	2023-03-07	2025-04-09
Pretty URL eclipse.website.yandexcloud.net/jquery-2.2.3.js IP 213.180.193.247 ASN #13238 YANDEX LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:37 Last Seen2025-04-09 06:08 Times Seen141 Hash aacc43d6f308fa362ac85e3f4fb2b30c 09b2fbec3c6e662be486da501a913d4b93ad39eb 95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	144 B	2023-03-07	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:25 Last Seen2024-08-21 07:50 Times Seen24 Hash 4c0fa7ff78a65d13417dbec195137e72 c528f1c07f55716c27809bd154d3b8c9d5b72215 3a00a60b4e6c26b2cf9cdd15c1f2ec739379bbced22f85813a0312077b72fa2a Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	15 B	2023-03-07	2025-05-07
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06 Last Seen2025-05-07 16:02 Times Seen319 Hash a6334981a8bbe29aa5c1dc2edd2640b2 4c0fb8f501dfb048b93102fccc8976cd1ce14f34 5dedb26ee87d110b89e97198b67b2a79dc14359cfda2d56ff91af5f460b6a4a0 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	65 B	2023-03-07	2025-05-07
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06 Last Seen2025-05-07 16:02 Times Seen316 Hash 2bd60c5b14d66a418d7acfdb28bbbdce d2281051c147d3ba68c9cdf1048cf1d49408aa39 7ebe893f5ae6a45f490e5b51841c7ba938425832b0326aad21a13106b52d8675 Loading...

	unknown	ScriptElement	2.4 kB	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash 6cb25a5ddfc47566c542738c4e948c00 1d9df712af91ef86e1e0e90a28031a93b2ffb4a3 78914ba22e65335287d05c161b74239822b84b6e67942882b613cb82cc606890 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	1.1 kB	2023-10-13	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:16 Last Seen2024-08-21 04:53 Times Seen13 Hash e6c2a2fdda5835c2100549813ea0066e 4bfaeb53bbc1ad69b6e3f3997362a195aff75579 b6ea0ba3112b669e8cb8d54336080443dd2f474c321ab026e04b119924b8745b Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	1.8 kB	2023-10-13	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:16 Last Seen2024-08-21 04:53 Times Seen13 Hash c7675865dcc02dfb88fabb717c1ba67a 67d9924c44ce51244b6a503c8a8d3671660e7d8c 7d5455e484a6b6d127443c9002f8aa124f65447c002769559a54b33766fc4722 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	1.7 kB	2023-10-13	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:16 Last Seen2024-08-21 04:53 Times Seen13 Hash a1b53feb53880f70822042fb38979753 f5d6b9a06eb8b65579543ac3c51202120eab1100 7734b6a86d6514d05b1f8dd0b8a28099eff570a3ec4a275561f35c38706f3f0c Loading...

	unknown	ScriptElement	2.6 kB	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash 35c90e04a218cc3b11e46b69dc914fd6 9052efe6b7cf2cd9c359ffbf944ca4a21fcde5ec 2423ffc8fe68ea2a31c3af999c66ad711b7fecf3008c0ba5fd3dcee6abe261d8 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	1.7 kB	2023-10-13	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:16 Last Seen2024-08-21 04:53 Times Seen13 Hash 49f250c248d99e1861ec2c3f369ef0b1 9294ccafef6a07fa4fea088a2199c110ae86a1a6 9376727512f9dbaabd97abceebe5e39ca3f018daa67fd9aee036fcd88098549e Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	1.8 kB	2023-10-13	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:16 Last Seen2024-08-21 04:53 Times Seen13 Hash af9d9339825e5b44d3778daacd9257d5 5665b3db1e0eaf2e92a89171ea3f1b1c15ba395d 320e533cf83e956335412a433f6a77cd81ce3760fe67960ff0fe5c54016d6564 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	1.9 kB	2023-10-13	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-13 11:16 Last Seen2024-08-21 04:53 Times Seen13 Hash e577f96d84619d6bd73d84d9e9dc4258 d20d372a1efd495e0601980346e1594b0753f192 d08a982f074b9472006cdb5cfcb5150904ceebf08dc68ddabb7b95733ee64d40 Loading...

	snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm	ScriptElement	27 kB	2023-09-18	2024-08-21
Pretty URL snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm IP 44.217.233.228 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash 437ebc0a55175f718192d8c153c60f38 36b40082dfa7ba963106c7b44fd11e28bc8dc5db 0ffd1f7031c8a4665db418f92468db9852f067729d1332569b3c58d19a588fa5 Loading...

	unknown	ScriptElement	1.9 kB	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash 2ecd74152c554ff53f81b7f82bd247f2 243b919e33892342eb721d18740f756815fd3d5f a7bda47a046d30e83efb4f7eb42619dad145e496734cf73923d941f4105295b2 Loading...

	unknown	ScriptElement	2.5 kB	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash dc7afdbbba5063dc52300efc79a7b781 8cac4ad4173cf2da0ac74842e81f401f73450d5d 791957ec72d96d41c944e7d3b3e3e661ec7bbcf6277db21cce225628249bf012 Loading...

	unknown	ScriptElement	2.4 kB	2023-09-18	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen18 Hash cc8058066e6275e46aaaade2c8f3e0ce 72deb8fb167c54fbe1edfce83ca5bca283fcec6f eafab7abbe127110dd4e9899dd2282bee49fdb07eb7b9cc7aae690d207326dc6 Loading...

		Size	First Seen	Last Seen
	#1 Write - c8fab290d3ae5f591975a4db6db50620	8.9 kB	2023-09-18 13:27	2024-08-21 06:27
Pretty Observations First Seen2023-09-18 13:27 Last Seen2024-08-21 06:27 Times Seen29 Hash c8fab290d3ae5f591975a4db6db50620 e6fd07e2f610301e9f619739bfe979713d8b3b45 f66a97259e930d91ed4b27d61beeccccdad803daf0220b4d84b4fcb5dc99dd48 Loading...

HTTP Transactions (27)

URL IP Response Size

snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm

44.217.233.228

200 OK

63 kB

URL User Request GET HTTP/2
snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
IP
44.217.233.228:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint13:93:2D:E4:50:7E:CE:BA:BC:F9:6D:7E:86:7F:43:5D:8E:63:45:3E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (26579)
Size
63 kB (62989 bytes)
Hash
37dca1194bb17cb34e33d4bfeec1b6dd
bb284e676d88b9c4689c97ae4f751c3e83295cae
f27518244a657ef2cc17662531692005e6efd4831bfeb7461e8b88d7bcf7338c

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	NatWest Personal Banking

HTTP Headers

GET /public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm HTTP/1.1
Host: snow-foul-prepared.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 16 Nov 2023 02:35:50 GMT
content-type: text/html; charset=utf-8
content-length: 62989
x-amz-id-2: lCz6BChPxrhs6WE3SgctpPXa7mvDdZ6g1RBbITqMPyIpinQxzinYZRE46dtMiB2ZX/v8zYZJ4O4=
x-amz-request-id: 835QVN9HV4ZZVBH5
last-modified: Wed, 15 Nov 2023 06:29:11 GMT
etag: "37dca1194bb17cb34e33d4bfeec1b6dd"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/plogo.png

213.180.193.247

200 OK

5.7 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/plogo.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 80 x 106, 8-bit/color RGBA, non-interlaced\012- data
Size
5.7 kB (5679 bytes)
Hash
cce808c0c23f731523eb4b7298ad18d8
e7e040afc91e194b3241653aab4863bf20020014
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /plogo.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: image/png
content-length: 5679
accept-ranges: bytes
etag: "cce808c0c23f731523eb4b7298ad18d8"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 2311e87906e168df
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/error-marker.png

213.180.193.247

200 OK

1.1 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/error-marker.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 29 x 29, 8-bit/color RGBA, non-interlaced\012- data
Size
1.1 kB (1090 bytes)
Hash
50f1540b40bf348f927c3ed21aba72b3
b8c94013139462b49a2422ba947a7a8fede3552e
27f324f2ad60091d5e8f76adfef83f9122dc8aa8df29d0a8d970bfe06aaa5005

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /error-marker.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: image/png
content-length: 1090
accept-ranges: bytes
etag: "50f1540b40bf348f927c3ed21aba72b3"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 64fc647d759ed42f
X-Firefox-Spdy: h2

l2.io/ip.js?var=userip

195.80.159.133

200 OK

24 B

URL GET HTTP/1.1
l2.io/ip.js?var=userip
IP
195.80.159.133:443
ASN
#29152 Decknet S.a.r.l.

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerLet's Encrypt
Subjectl2.io
Fingerprint65:49:ED:2D:E9:35:D9:26:3D:70:87:2B:4F:20:FF:14:56:55:52:B4
ValidityTue, 17 Oct 2023 07:33:55 GMT - Mon, 15 Jan 2024 07:33:54 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
f9dc91b3feea65bd389a2f5b57306c32
147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e
d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77

HTTP Headers

GET /ip.js?var=userip HTTP/1.1
Host: l2.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 16 Nov 2023 02:35:52 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 24
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

eclipse.website.yandexcloud.net/white-lock.png

213.180.193.247

200 OK

285 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/white-lock.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 18 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
285 B (285 bytes)
Hash
4a3360fb538fcc33db66e22afbd18715
112eca49dcfede70854283a7c51fba6e8a96a4df
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /white-lock.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/npc.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/png
content-length: 285
accept-ranges: bytes
etag: "4a3360fb538fcc33db66e22afbd18715"
last-modified: Mon, 04 Sep 2023 09:44:20 GMT
x-amz-request-id: b03d608f9d3f5121
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/li5_outer_frame_top_curve.gif

213.180.193.247

200 OK

18 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/li5_outer_frame_top_curve.gif
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1543), with CRLF line terminators
Size
18 kB (17540 bytes)
Hash
b5f90335c1b50c6e46292060d68662bc
35054541ed3c9a873ded0200644a9304eb85fb68
a9525f33d124699e204c65d7711a4cfb074db510e171a0f03ae17b60226bfd75

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /li5_outer_frame_top_curve.gif HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/master.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/gif
content-length: 17540
accept-ranges: bytes
etag: "b5f90335c1b50c6e46292060d68662bc"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 9bd8cc0f52ca9e6e
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/radio-selected.png

213.180.193.247

200 OK

1.6 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/radio-selected.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, interlaced\012- data
Size
1.6 kB (1633 bytes)
Hash
2ac5b52fbdb0be1bbc9506a24f78afe9
bd049c00ea03ed4e6eefaed6fb9744ee48839f58
d81db57832f4742b67755f90f8c3d37735cb9f58dbb10e312f931343d27552c6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /radio-selected.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/npc.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/png
content-length: 1633
accept-ranges: bytes
etag: "2ac5b52fbdb0be1bbc9506a24f78afe9"
last-modified: Mon, 04 Sep 2023 09:44:20 GMT
x-amz-request-id: 54468a02130ed499
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/check-box.png

213.180.193.247

200 OK

157 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/check-box.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Size
157 B (157 bytes)
Hash
b23db76451b3df600c7dbda6c93a2e2e
a2054da2c842bf4f5651c4ee1481688e215a56bf
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /check-box.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/npc.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/png
content-length: 157
accept-ranges: bytes
etag: "b23db76451b3df600c7dbda6c93a2e2e"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: b92110b50aa4d699
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/down-chevron.png

213.180.193.247

200 OK

295 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/down-chevron.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 13 x 8, 8-bit/color RGBA, non-interlaced\012- data
Size
295 B (295 bytes)
Hash
5d1201e574de6bb2d10db83ade0d098d
b28bb6abd4cf048f7cebe0ee459c3511c0a22df7
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /down-chevron.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/npc.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/png
content-length: 295
accept-ranges: bytes
etag: "5d1201e574de6bb2d10db83ade0d098d"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: cd7bf4bac1c88208
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/combined-shape.png

213.180.193.247

200 OK

359 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/combined-shape.png
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
PNG image data, 13 x 13, 8-bit/color RGBA, non-interlaced\012- data
Size
359 B (359 bytes)
Hash
3d738a237a2dd5f3075939942052d472
9ccba64b7bcd8a7949b3afbcfa0d76a7bf47618e
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /combined-shape.png HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/npc.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/png
content-length: 359
accept-ranges: bytes
etag: "3d738a237a2dd5f3075939942052d472"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: b0e246ab1623cea1
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.woff2

213.180.193.247

200 OK

22 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.woff2
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22184, version 1.65\012- data
Size
22 kB (22184 bytes)
Hash
d81e0cfa15c3c638984cc484bf9a23fd
fb4ee0e7f1c3d9b6737304a70aeeb52c05d6ae1d
ce64c0d35d4ad8fd2fa79ecd45d6db37982940958b7f51448b697bad342ce55b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /RNHouseSansW05-Bold.woff2 HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://snow-foul-prepared.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: application/x-www-form-urlencoded
content-length: 22184
accept-ranges: bytes
etag: "d81e0cfa15c3c638984cc484bf9a23fd"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 5ed337940c549f04
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.woff

213.180.193.247

404 Not Found

225 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.woff
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
225 B (225 bytes)
Hash
591e077e69075e5c5bb94c91c66d930e
0231892edd9b2335d27578981e11ba727bb97577
2b13edf82d6485c0b3d5817d276ffc45980ff23fcf0d0db9bcbd8de44a12cc07

HTTP Headers

GET /RNHouseSansW05-Regular.woff HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://snow-foul-prepared.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: text/html; charset=utf-8
content-length: 225
x-amz-request-id: f47c3d3f755a6505
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.woff

213.180.193.247

404 Not Found

225 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.woff
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
225 B (225 bytes)
Hash
a20230f3c64982eefe3f0a38dd6d2089
35764dc8ac12294f09d69c07c88a4182a9b6469b
45d3a0b5b5a0c8faf3bb5472bf66eb7233f130203dc0729780a9a54eba01e553

HTTP Headers

GET /RNHouseSansW05-Bold.woff HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://snow-foul-prepared.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: text/html; charset=utf-8
content-length: 225
x-amz-request-id: 48974d285744e57e
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/favicon.ico

213.180.193.247

200 OK

2.2 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/favicon.ico
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel\012- data
Size
2.2 kB (2238 bytes)
Hash
d0ab1861f850d4514edaa1696b3b5ce2
8fbdfef1335ccf858072297caef21e1925a44d11
9bbf91204e8022d01c859c92c1d9218ac4859de521548856534b48ac2e7849a8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: image/x-icon
content-length: 2238
accept-ranges: bytes
etag: "d0ab1861f850d4514edaa1696b3b5ce2"
last-modified: Mon, 04 Sep 2023 09:44:18 GMT
x-amz-request-id: e100ca11b67fb971
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/npc.css

213.180.193.247

200 OK

47 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/npc.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with very long lines (518), with CRLF line terminators
Size
47 kB (47326 bytes)
Hash
d3f76cb5e9a68a590459b54b35e2ac59
97db38040f44843b6ee5caac758acb6b5d6fb921
b618b1630fe11a6fee0232601cc91ac7e7cd56ec8d4ab7353846e493d8764778

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /npc.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"d3f76cb5e9a68a590459b54b35e2ac59"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: c931efc6afab0a1f
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/font-awesome.css

213.180.193.247

200 OK

22 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/font-awesome.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with very long lines (21777)
Size
22 kB (21939 bytes)
Hash
b3f38f8786407280c4585f1586bf26ee
0315cd1680136ba95453dd922167063ba3e83df1
043d64ad39164b2b6d031cbaf82d44542b3904b814ffb4ae9738f0953e32f143

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /font-awesome.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"b3f38f8786407280c4585f1586bf26ee"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: a0ce1a641fa25fc8
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.ttf

213.180.193.247

404 Not Found

225 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.ttf
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
225 B (225 bytes)
Hash
331524b763617b753656594d08270bdf
10ef6e3857c6be369330a79c75b696677c7fa756
bda90e7a10ac48926970e2d8938fb7910251a2e4802749260e3b36ec3869890c

HTTP Headers

GET /RNHouseSansW05-Regular.ttf HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://snow-foul-prepared.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: text/html; charset=utf-8
x-amz-request-id: c43a67f01538834a
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.ttf

213.180.193.247

404 Not Found

225 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/RNHouseSansW05-Bold.ttf
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Size
225 B (225 bytes)
Hash
040fe1374dedfcfda754a668a41b609b
c3878523774924cba881f3f2fb5dc4f15ecce85a
37b98357099005092bbcb950558f10be6aaa2d3065350fff735155cc2baee580

HTTP Headers

GET /RNHouseSansW05-Bold.ttf HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://snow-foul-prepared.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: text/html; charset=utf-8
x-amz-request-id: fc8736c87a4711ba
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/main.css

213.180.193.247

200 OK

2.3 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/main.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with very long lines (2467), with no line terminators
Size
2.3 kB (2341 bytes)
Hash
d27c908c0a0f4f7a2f4c3d9eab1eda9d
d919bdabb3c2594cf3d5fabc5738c0455f45a96d
e7bafd4ef8552124ce79b315cad6ad90072f4c9ec56d580988b433b940579ff3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /main.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"0c357b809e35163ef98bb273e7e3e587"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: e5abd3a2420e78c6
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/n-w-logo.svg

213.180.193.247

200 OK

4.9 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/n-w-logo.svg
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (5130), with no line terminators
Size
4.9 kB (4872 bytes)
Hash
38a645866bc3e70134037a82f4fe09dc
abd02684532197dfbf3aeb7a516a9cf10144f318
95741274755d42aeb33855bc5d24092c708d58907f5bbb1e45799aacf38d7c4d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /n-w-logo.svg HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: image/svg+xml
etag: W/"987cc7771f2fe14e61de62bd92e2411e"
last-modified: Mon, 04 Sep 2023 09:44:18 GMT
x-amz-request-id: fa496d8356747685
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/jquery-2.2.3.js

213.180.193.247

200 OK

259 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/jquery-2.2.3.js
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text
Size
259 kB (258648 bytes)
Hash
aacc43d6f308fa362ac85e3f4fb2b30c
09b2fbec3c6e662be486da501a913d4b93ad39eb
95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /jquery-2.2.3.js HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/javascript
etag: W/"aacc43d6f308fa362ac85e3f4fb2b30c"
last-modified: Mon, 04 Sep 2023 09:44:18 GMT
x-amz-request-id: bda137d2923217f3
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/master_mobile.css

213.180.193.247

200 OK

48 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/master_mobile.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with very long lines (417), with CRLF line terminators
Size
48 kB (48225 bytes)
Hash
5cc6a870d1a1dd62dc2690ea17b7e3c4
a35f3def4a047fa6a97b3add6ca760d4c2ebb318
762a7161fafb519ada43534e1e4aa7fd8f5ae402d21cdbb3aff8ff569b29ad6a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /master_mobile.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"5cc6a870d1a1dd62dc2690ea17b7e3c4"
last-modified: Mon, 04 Sep 2023 09:44:18 GMT
x-amz-request-id: a23aa38754347758
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/overlayPrompt.css

213.180.193.247

200 OK

76 B

URL GET HTTP/2
eclipse.website.yandexcloud.net/overlayPrompt.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with no line terminators
Size
76 B (76 bytes)
Hash
29ac62190c59652415f3a6d0fdbf49c2
64a45fa68138c6eca867a94f61c6d8af16266ab4
dc167ac9ffb4e52df7c93e3fbcb4a261faf325636194a3ed80218814492fd620

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /overlayPrompt.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"82a1b6373fa17d314053cb7173954338"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 723de73f57625efa
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/overlayPromptMaster.css

213.180.193.247

200 OK

1.4 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/overlayPromptMaster.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with very long lines (1433), with no line terminators
Size
1.4 kB (1378 bytes)
Hash
fb29db1ccb5595033c04c41e41970ff7
3a2f704e6c8344224c35293aa35afb884cab0fb7
d97ad5adb79bfd3bc7e87caecd5d144b21102a2e619ae660319ff1d389dc5ebd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /overlayPromptMaster.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"1e4c183b3f098d3bca4ccce20c428912"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 0b9fb6353f6b7b55
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/panel-defaults.css

213.180.193.247

200 OK

9.5 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/panel-defaults.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
ASCII text, with very long lines (10026), with no line terminators
Size
9.5 kB (9541 bytes)
Hash
2b13243b436c7b2bdab97a00d0bdc83e
b77a0b552752683c04911ae0a7ccc2ccd160e3e8
ab9a95d180845122008f01470e4c504eea345aeaae2b56810e5f5da80ae1764f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - NatWest

HTTP Headers

GET /panel-defaults.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"e909d59f350c1dad51b78325b5953eb2"
last-modified: Mon, 04 Sep 2023 09:44:18 GMT
x-amz-request-id: a6563cce6ba22c2d
content-encoding: gzip
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.woff2

213.180.193.247

200 OK

16 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/RNHouseSansW05-Regular.woff2
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type
Web Open Font Format (Version 2), TrueType, length 21572, version 1.65\012- data
Size
16 kB (16184 bytes)
Hash
79c8216e6da3ec8e33639d17e57dc0de
d64a5a7f4095a5b01eaecd05ede95001a67acfce
8abb655fc68f79e706a52f2c481a99dd7f902114a00a5d2f34b630a14eb16f2f

HTTP Headers

GET /RNHouseSansW05-Regular.woff2 HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://snow-foul-prepared.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://eclipse.website.yandexcloud.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:53 GMT
content-type: application/x-www-form-urlencoded
content-length: 21572
accept-ranges: bytes
etag: "4b04fa8e8cb9b74a12575a0fd3e8f1ac"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 26109e565c36b439
X-Firefox-Spdy: h2

eclipse.website.yandexcloud.net/master.css

213.180.193.247

200 OK

229 kB

URL GET HTTP/2
eclipse.website.yandexcloud.net/master.css
IP
213.180.193.247:443
ASN
#13238 YANDEX LLC

Requested by
https://snow-foul-prepared.glitch.me/public/ambomaza.html?/NATWESTB.ANKCR.CARD/info.htm
Certificate
IssuerGlobalSign nv-sa
Subject*.storage.yandexcloud.net
FingerprintCF:A1:D6:D8:81:FD:C9:B6:37:A0:BD:9B:43:3E:43:F5:88:A4:78:2F
ValidityMon, 11 Sep 2023 08:52:31 GMT - Fri, 12 Apr 2024 08:52:31 GMT

File type

Size
229 kB (228718 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /master.css HTTP/1.1
Host: eclipse.website.yandexcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://snow-foul-prepared.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 16 Nov 2023 02:35:51 GMT
content-type: text/css
etag: W/"2dfd733f065ca6d2369a67ef4983a29c"
last-modified: Mon, 04 Sep 2023 09:44:19 GMT
x-amz-request-id: 37ce163539bc785e
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN