Report - jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html

Report Overview

Visited public
2025-04-29 16:24:03
Tags
suspicious
URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
Finishing URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.2.59
#54113 FASTLY
Title
Online banking profile | Truist Online
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jumbled-striped-adasaurus.glitch.me	unknown	2008-07-18	2025-04-29	2025-04-29	516 B	1.5 MB	151.101.194.59
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-23	484 B	32 kB	104.17.24.14
l2.io	163527	2012-05-12	2015-06-25	2025-04-24	418 B	228 B	195.80.159.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-29 16:23:42	medium	Client IP	151.101.194.59	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2025-04-29 16:23:42	low	Client IP	151.101.194.59	ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)
2025-04-29 16:23:42	medium	Client IP	195.80.159.133	ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-29	medium	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	Detects file containing Telegram Bot API
2025-04-29	medium	javascript.write.md5:7bc9ff80354d17f37d20970261117704	Detects file containing Telegram Bot API

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Telegram Bot detected

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
1750418914:AAGvauViE8H7CT7heYWqjDSlwbyyC3JCLPM

Bot Overview
User ID 1750418914
Username Natugbot
First Name Natzug
Last Name
Chat Information
Chat ID -1001403579854
Chat Type supergroup
Title Natzug
User Count 3
Admins 1
Pending Messages 0

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
7726002243:AAHpMmRFY_opL6WZMhFSfJNCvOzmOXZohBE

Bot Overview
User ID 7726002243
Username TruistMeBackbot
First Name TrustMeBankbot
Last Name
Chat Information
Chat ID 1387035980
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
7726002243:AAHpMmRFY_opL6WZMhFSfJNCvOzmOXZohBE

Bot Overview
User ID 7726002243
Username TruistMeBackbot
First Name TrustMeBankbot
Last Name
Chat Information
Chat ID 1387035980
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
7726002243:AAHpMmRFY_opL6WZMhFSfJNCvOzmOXZohBE

Bot Overview
User ID 7726002243
Username TruistMeBackbot
First Name TrustMeBankbot
Last Name
Chat Information
Chat ID 1387035980
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
7726002243:AAHpMmRFY_opL6WZMhFSfJNCvOzmOXZohBE

Bot Overview
User ID 7726002243
Username TruistMeBackbot
First Name TrustMeBankbot
Last Name
Chat Information
Chat ID 1387035980
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
7726002243:AAHpMmRFY_opL6WZMhFSfJNCvOzmOXZohBE

Bot Overview
User ID 7726002243
Username TruistMeBackbot
First Name TrustMeBankbot
Last Name
Chat Information
Chat ID 1387035980
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

URL
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP / ASN
151.101.194.59
#54113 FASTLY

Token
7726002243:AAHpMmRFY_opL6WZMhFSfJNCvOzmOXZohBE

Bot Overview
User ID 7726002243
Username TruistMeBackbot
First Name TrustMeBankbot
Last Name
Chat Information
Chat ID 1387035980
Chat Type private
Title
User Count 2
Admins 0
Pending Messages 0

Token
1750418914:AAGvauViE8H7CT7heYWqjDSlwbyyC3JCLPM

Bot Overview
User ID 1750418914
Username Natugbot
First Name Natzug
Last Name
Chat Information
Chat ID -1001403579854
Chat Type supergroup
Title Natzug
User Count 3
Admins 1
Pending Messages 0

JavaScript (12)

	URL	From	Size	First Seen	Last Seen
	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	15 B	2023-03-07	2025-05-16
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06 Last Seen2025-05-16 14:04 Times Seen331 Hash a6334981a8bbe29aa5c1dc2edd2640b2 4c0fb8f501dfb048b93102fccc8976cd1ce14f34 5dedb26ee87d110b89e97198b67b2a79dc14359cfda2d56ff91af5f460b6a4a0 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	65 B	2023-03-07	2025-05-16
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06 Last Seen2025-05-16 14:04 Times Seen328 Hash 2bd60c5b14d66a418d7acfdb28bbbdce d2281051c147d3ba68c9cdf1048cf1d49408aa39 7ebe893f5ae6a45f490e5b51841c7ba938425832b0326aad21a13106b52d8675 Loading...

	l2.io/ip.js?var=userip	ScriptElement	24 B	2023-03-07	2025-05-16
Pretty URL l2.io/ip.js?var=userip IP 195.80.159.133 ASN #29152 Decknet SARL Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-16 17:21 Times Seen1177 Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	2.9 kB	2025-03-31	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2025-03-31 13:37 Last Seen2025-05-06 14:43 Times Seen11 Hash 715e08124e879a7d4f11764df6594a7b 6cee35ea8f0e69937a067ba82136c3847ae98cfe dd540759892bebee12e81a5021e0f6ba53574a6fe71f8206d6085c3777f157f4 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	1.0 kB	2025-04-29	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 16:24 Last Seen2025-05-06 14:43 Times Seen4 Hash 3f7f5417e5413088611eeea26a3748a4 a7bd14f1e1bb3bffacc35072d17b570ed1122928 54fdaeb0d11fedcf53cde30c8a64e5ae4bd0e59e37b1151ea0b71daf5d181a55 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	1.2 kB	2025-04-29	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 16:24 Last Seen2025-05-06 14:43 Times Seen4 Hash 1181be89b90820c739ea8108c4c8d7b4 e8ceeab6cf61b88b2a49fb6ac89f6deba664e032 a62cd6e63d197df87aec9ef6d88f078a26f2e33c1d54a55b26986bab0bc2965e Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	1.3 kB	2025-04-29	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 16:24 Last Seen2025-05-06 14:43 Times Seen4 Hash d19eef2b98fa3b99f2757de74b51cc58 070f3a40fac2d4f3a3c773f11004de1a1614c923 48c17823aac52f2c9c7bb39387d520542a93a8e4bf6aea5ec3bfa5434b99d5e1 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	1.4 kB	2025-04-29	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 16:24 Last Seen2025-05-06 14:43 Times Seen4 Hash a1ae92218ffc589eb17dbf56189d51d8 6982701aec5e576a634a2799ff06836b52f2d218 f0061be6fc5c1c6c34375746bed11f8b50cda90ddb069b66c8aed39789699a0d Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	1.6 kB	2025-04-29	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 16:24 Last Seen2025-05-06 14:43 Times Seen4 Hash 4b037b833769a83981ee80d4372449cc 6bd675c0ad83f81bb0728287a43cadf3547ca47d f50aa4783aa98c02a222e16a8fea7d13bfcfdc66e9d7e5b4ac60797067d61af5 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	1.8 kB	2025-04-29	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-29 16:24 Last Seen2025-05-06 14:43 Times Seen4 Hash 42050891caad10456c9498b8fded7642 9a4efa1ec5312f42ea856fa92ea498d3a462fcb1 65550872d0a32bfc0a70cd41c8d005c38060b968426a9fd30ae59de052cf6ce1 Loading...

	jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html	ScriptElement	5.4 kB	2025-03-31	2025-05-06
Pretty URL jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html IP 151.101.194.59 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-31 13:37 Last Seen2025-05-06 14:43 Times Seen8 Hash 29dde2e65a7418d69e1b3fcb46938eb8 dec92c1653d7518c3b9e71057a98d5f1da8c972d 9df0e808bb93b8513ce5877b1bacaadbaa374513bb4f9b1335d14bc5fba4f18b Loading...

		Size	First Seen	Last Seen
	#1 Write - 7bc9ff80354d17f37d20970261117704	1.8 kB	2024-12-28 10:41	2025-05-06 14:43
Pretty Observations First Seen2024-12-28 10:41 Last Seen2025-05-06 14:43 Times Seen15 Hash 7bc9ff80354d17f37d20970261117704 4475e8244c5629f309f2106941dd91c9444bc774 c075a2a88fabeb431d79a5edf19473947738ed8fbba36bbdc67208cb825500cf Loading...

HTTP Transactions (3)

URL IP Response Size

jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html

151.101.194.59

200 OK

1.5 MB

URL User Request GET
jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
IP
151.101.194.59:443
ASN
#54113 FASTLY

Certificate
IssuerCertainly
Subject*.glitch.me
FingerprintCC:6D:8A:9A:5E:86:0B:3D:6C:97:CC:83:20:62:8E:78:AC:E7:3E:57
ValidityFri, 11 Apr 2025 20:28:08 GMT - Sun, 11 May 2025 20:28:07 GMT

File type
HTML document, ASCII text, with very long lines (64094)
Size
1.5 MB (1513824 bytes)
Hash
b96b04ff8c48f35fa81824601e363985
ae1160852e6d0d396ec7c641c934686eeda57604
f07e55410255a53541ae0e15677d4bcf385869403e7512676972a21ef63c99d3

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
YARAhub by abuse.ch	malware	Detects file containing Telegram Bot API

HTTP Headers

GET /public/TruistOnline.html HTTP/1.1
Host: jumbled-striped-adasaurus.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-amz-server-side-encryption: AES256
x-amz-request-id: 8E30EB8524G1Q8AF
x-amz-id-2: reB+nx13Rhg/AShM7SADxleVYONhzV2UM2Npa9Xr11MGvR9XGsd0ht1IThnt9CXB23fuce/pE/INsfAJ+uO5vbGstA3Ygf6Z
cache-control: no-cache
server: AmazonS3
etag: "b96b04ff8c48f35fa81824601e363985"
content-type: text/html; charset=utf-8
last-modified: Fri, 25 Apr 2025 12:42:48 GMT
accept-ranges: bytes
x-amz-version-id: null
date: Tue, 29 Apr 2025 16:23:42 GMT
via: 1.1 varnish
x-served-by: cache-hel1410026-HEL, cache-hel1410026-HEL
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1745943822.151815,VS0,VE209
content-length: 1513824
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.24.14

200 OK

31 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (30837)
Size
31 kB (31000 bytes)
Hash
269550530cc127b6aa5a35925a7de6ce
512c7d79033e3028a9be61b540cf1a6870c896f8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jumbled-striped-adasaurus.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 29 Apr 2025 16:23:42 GMT
content-type: text/css; charset=utf-8
content-length: 5631
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 9380253b6aff56cb-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 71816
expires: Sun, 19 Apr 2026 16:23:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=37vkzpQTOmZBxGAjj27mF3gGz62ekWI%2BEO7kmWShsumSwN6ESw8pkWtve%2B%2BnYYLIG%2BJ%2FqcQVHUMtehUEf242OVuQdzRQuCz7UXZoH2ESAakdj7BI2%2FY3b5Qla9toBZLIFoPTMEJd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

l2.io/ip.js?var=userip

195.80.159.133

200 OK

24 B

URL GET
l2.io/ip.js?var=userip
IP
195.80.159.133:443
ASN
#29152 Decknet SARL

Requested by
https://jumbled-striped-adasaurus.glitch.me/public/TruistOnline.html
Certificate
IssuerLet's Encrypt
Subjectl2.io
Fingerprint45:65:26:DB:67:D9:94:8A:B5:6C:87:29:58:09:3D:04:A3:29:59:EE
ValiditySat, 01 Mar 2025 18:23:38 GMT - Fri, 30 May 2025 18:23:37 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
f9dc91b3feea65bd389a2f5b57306c32
147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e
d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77

HTTP Headers

GET /ip.js?var=userip HTTP/1.1
Host: l2.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jumbled-striped-adasaurus.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 29 Apr 2025 16:23:42 GMT
Server: Apache/2.4.59 (Debian)
Content-Length: 24
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Telegram Bot detected

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

Token

Bot Overview

Chat Information

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL