sms.letzjam.net
Open in
urlscan Pro
2606:4700:20::ac43:4978
Malicious Activity!
Public Scan
Submission: On August 09 via manual from PH
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 5th 2020. Valid for: a year.
This is the only time sms.letzjam.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metrobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:20:... 2606:4700:20::ac43:4978 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 51.15.24.4 51.15.24.4 | 12876 (Online SAS) (Online SAS) | |
1 2 | 2a00:1450:400... 2a00:1450:4001:818::2008 | 15169 (GOOGLE) (GOOGLE) | |
2 | 210.213.81.109 210.213.81.109 | 9299 (IPG-AS-AP...) (IPG-AS-AP Philippine Long Distance Telephone Company) | |
1 1 | 2a00:1450:400... 2a00:1450:400c:c00::9d | 15169 (GOOGLE) (GOOGLE) | |
1 1 | 2a00:1450:400... 2a00:1450:4001:81c::2004 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:81a::2003 | 15169 (GOOGLE) (GOOGLE) | |
23 | 5 |
ASN15169 (GOOGLE, US)
ssl.google-analytics.com |
ASN9299 (IPG-AS-AP Philippine Long Distance Telephone Company, PH)
PTR: personal.metrobankdirect.com
personal.metrobankdirect.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
letzjam.net
sms.letzjam.net |
85 KB |
3 |
tikcdn.com
h.tikcdn.com |
1 KB |
2 |
metrobankdirect.com
personal.metrobankdirect.com |
63 KB |
2 |
google-analytics.com
1 redirects
ssl.google-analytics.com |
17 KB |
1 |
google.de
www.google.de |
492 B |
1 |
google.com
1 redirects
www.google.com |
355 B |
1 |
doubleclick.net
1 redirects
stats.g.doubleclick.net |
463 B |
23 | 7 |
Domain | Requested by | |
---|---|---|
16 | sms.letzjam.net |
sms.letzjam.net
|
3 | h.tikcdn.com |
sms.letzjam.net
|
2 | personal.metrobankdirect.com |
sms.letzjam.net
|
2 | ssl.google-analytics.com |
1 redirects
sms.letzjam.net
|
1 | www.google.de |
sms.letzjam.net
|
1 | www.google.com | 1 redirects |
1 | stats.g.doubleclick.net | 1 redirects |
23 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
personal.metrobankdirect.com |
www.metrobank.com.ph |
www.globalsign.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
letzjam.net Cloudflare Inc ECC CA-3 |
2020-07-05 - 2021-07-05 |
a year | crt.sh |
h.tikcdn.com Let's Encrypt Authority X3 |
2020-06-14 - 2020-09-12 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-07-15 - 2020-10-07 |
3 months | crt.sh |
personal.metrobankdirect.com GlobalSign Extended Validation CA - SHA256 - G3 |
2020-01-23 - 2021-03-27 |
a year | crt.sh |
www.google.de GTS CA 1O1 |
2020-07-15 - 2020-10-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://sms.letzjam.net/Metrobank/RetailInternetPortal/
Frame ID: 3BAA8799D6FA0FEF465FD91513D328AB
Requests: 23 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Forgot your User ID?
Search URL Search Domain Scan URL
Title: Forgot your Password?
Search URL Search Domain Scan URL
Title: Security Center
Search URL Search Domain Scan URL
Title: ABOUT SSL CERTIFICATES
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=932191929&utmhn=sms.letzjam.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Welcome%20to%20Metrobankdirect&utmhid=608532603&utmr=-&utmp=%2FMetrobank%2FRetailInternetPortal%2F&utmht=1596967965525&utmac=UA-38157209-1&utmcc=__utma%3D83567764.85277415.1596967966.1596967966.1596967966.1%3B%2B__utmz%3D83567764.1596967966.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1327558596&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38157209-1&cid=85277415.1596967966&jid=1327558596&_v=5.7.2&z=932191929 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38157209-1&cid=85277415.1596967966&jid=1327558596&_v=5.7.2&z=932191929 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38157209-1&cid=85277415.1596967966&jid=1327558596&_v=5.7.2&z=932191929&slf_rd=1&random=3625624630
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
sms.letzjam.net/Metrobank/RetailInternetPortal/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
reset.css
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
790 B 566 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
26 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
45 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preload.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
0 74 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sha256.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
md5.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-v1.7.1.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
92 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
browserNotSupported.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
1 KB 436 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
metrobank-logo.png
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mb-personal-PNG.png
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
preload.js
h.tikcdn.com/ |
509 B 703 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga.js
ssl.google-analytics.com/ |
45 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-bg.png
personal.metrobankdirect.com/RetailInternetPortal/images/ |
62 KB 63 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
button-bg-login.png
personal.metrobankdirect.com/RetailInternetPortal/images/ |
180 B 633 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cache.png
h.tikcdn.com/ |
35 B 330 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ Redirect Chain
|
42 B 492 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
view-demo.png
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
siteSeal.do
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
7 KB 7 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
siteSealImage.do
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
4 KB 4 KB |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gmogs_image_125-50_en_dblue.js
sms.letzjam.net/Metrobank/RetailInternetPortal/Metrobank_files/ |
1 KB 840 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-decode.min.js
sms.letzjam.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 843 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cache.png
h.tikcdn.com/ |
35 B 330 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metrobank (Banking)85 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| rotateRight function| choice function| majority function| sha256_Sigma0 function| sha256_Sigma1 function| sha256_sigma0 function| sha256_sigma1 function| sha256_expand object| K256 undefined| ihash undefined| count undefined| buffer string| sha256_hex_digits function| safe_add function| sha256_init function| sha256_transform function| sha256_update function| sha256_final function| sha256_encode_bytes function| sha256_encode_hex function| sha256_digest function| sha256_self_test number| hexcase string| b64pad number| chrsz string| key function| hex_md5 function| b64_md5 function| str_md5 function| hex_hmac_md5 function| b64_hmac_md5 function| str_hmac_md5 function| md5_vm_test function| core_md5 function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| core_hmac_md5 function| bit_rol function| str2binl function| binl2str function| binl2hex function| binl2b64 object| _0xd944 function| $ function| jQuery function| CheckBrowser string| pageFrom string| errrorMessage function| loader function| submitForm function| resetdata number| asciiF51 number| ctrlN1 object| forbiddenKeys1 boolean| bRet1 boolean| bIsFunctionKey1 function| onKeyPress1 function| disableCntrls function| disContextMenu function| connectToOnlineDemo object| _gaq object| jQuery17107297294097528297 object| _gat object| gaGlobal function| ss_js_sealTagStr function| ss_js_seal string| ss_ua undefined| ss_opera boolean| ss_msie boolean| ss_msie4 boolean| ss_ns4 boolean| ss_ns6 undefined| ss_opera6lower undefined| ss_no_dyna_script string| ss_fqdn string| ss_size string| ss_type string| ss_lang string| ss_ver string| ss_service string| ss_protocol string| ss_jspUrl0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=0; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
h.tikcdn.com
personal.metrobankdirect.com
sms.letzjam.net
ssl.google-analytics.com
stats.g.doubleclick.net
www.google.com
www.google.de
210.213.81.109
2606:4700:20::ac43:4978
2a00:1450:4001:818::2008
2a00:1450:4001:81a::2003
2a00:1450:4001:81c::2004
2a00:1450:400c:c00::9d
51.15.24.4
03f09f6f24e3f2e7806a4e54659ebae4830f1ec2759149126e8bff020764cd72
11acce429c8b9291819f2c0a1e620233b71217437a14570c0307b295a0fba74c
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15b31f167644dcee28d3ddd373b00dc04077aa5be63f82fc340c0a95a07e43ff
16b1714b15e01cc23638a34b9259ffa2d8be93b16a204adc7eea027fe9e47dec
17a369eef2a9629be08f3a0a63aca73915725a437dade1a83a7a0ae10334013f
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25b17a14e14e22528f0944c95cf5305f59467b86814ef8a325602530afc3a3a6
2ac6c7f2f3c37b472f5e1e8c1a46af2f77eca965af9bc54423716f7c151fb1e4
2e29dd824a1688dad433eba602c4f1653a81123a5a0f5add96e8d15d85fe273b
428fc64a771b584687c23f9065f36d29661187b1e996417b0437fd9becef6e7a
4a3303fbe2fa0bdeb6ecb82f44e7daabece053cb64f1d83d1c528d3da8029528
5c7a28fd9d9b221e20521dd703003778549e6606ca70e1a9b77104201c6c82fb
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
72dbc369adff4d5146f091034b242e2a2723d7383c7180e9c00213c4f42f89d1
8f0b064905b4b036c2b9f16afa4819d52731505f4cd48494c02c405880ad0a1f
a5d2ce66efae0fde2f825b3dc79ebcd06d67c8e6d3340c6d20a8f81fb77440c2
b92fffae8fbb02c485c8415ae968ea0692973ae7686682a2921a7990e641eee9
c2ca3ab2adca3e4ba4736cba9bd3cf672ce80d74fdcff565e27b00de7e127ae1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f9ef21241a830c7be6be4c110c7eddb772b46a899cf1b37a0ae9f666d38ffee9