zesty-continuous-spectacles.glitch.me Open in urlscan Pro
34.192.63.42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Submission: On July 16 via manual (July 16th 2021, 11:33:02 am UTC) from ES

Summary HTTP 8 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 7 domains to perform 8 HTTP transactions. The main IP is 34.192.63.42, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is zesty-continuous-spectacles.glitch.me.
TLS certificate: Issued by Amazon on January 18th 2021. Valid for: a year.

This is the only time zesty-continuous-spectacles.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
3	34.192.63.42 34.192.63.42	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:6c0... 2a02:26f0:6c00:2a7::35c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
1	145.239.131.55 145.239.131.55	16276 (OVH) (OVH)
1 1	2606:4700:303... 2606:4700:3037::6815:bdb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	192.229.233.123 192.229.233.123	15133 (EDGECAST) (EDGECAST)
1	13.224.96.12 13.224.96.12	16509 (AMAZON-02) (AMAZON-02)
8	6

3 34.192.63.42 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-63-42.compute-1.amazonaws.com

zesty-continuous-spectacles.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:2a7::35c1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

secure.aadcdn.microsoftonline-p.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.131.55 (France)

ASN16276 (OVH, FR)
PTR: i.ibb.co

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:bdb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cloud.webtype.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.233.123 (Culver City, United States) 1 redirects

ASN15133 (EDGECAST, US)

cloud.typenetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.96.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-96-12.zrh50.r.cloudfront.net

cdn.glitch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	glitch.me zesty-continuous-spectacles.glitch.me	201 KB
2	typenetwork.com 1 redirects cloud.typenetwork.com	1 KB
1	glitch.com cdn.glitch.com	167 KB
1	webtype.com 1 redirects cloud.webtype.com	647 B
1	ibb.co i.ibb.co	23 KB
1	jquery.com code.jquery.com	30 KB
1	microsoftonline-p.com secure.aadcdn.microsoftonline-p.com	2 KB
8	7

	Domain	Requested by
3	zesty-continuous-spectacles.glitch.me	zesty-continuous-spectacles.glitch.me
2	cloud.typenetwork.com	1 redirects zesty-continuous-spectacles.glitch.me
1	cdn.glitch.com	zesty-continuous-spectacles.glitch.me
1	cloud.webtype.com	1 redirects
1	i.ibb.co	zesty-continuous-spectacles.glitch.me
1	code.jquery.com	zesty-continuous-spectacles.glitch.me
1	secure.aadcdn.microsoftonline-p.com	zesty-continuous-spectacles.glitch.me
8	7

This site contains links to these domains. Also see Links.

Domain
login.microsoftonline.com
login.live.com

Subject Issuer	Validity	Valid
glitch.com Amazon	`2021-01-18` - `2022-02-15`	a year	crt.sh
secure.aadcdn.microsoftonline-p.com Microsoft RSA TLS CA 01	`2020-12-22` - `2021-12-22`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
ibb.co R3	`2021-06-07` - `2021-09-05`	3 months	crt.sh
*.typenetwork.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-24` - `2022-06-29`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Frame ID: 814C6896623285FFA4074C8292FD7A78
Requests: 5 HTTP requests in this frame

Frame: https://zesty-continuous-spectacles.glitch.me/Sign%20in%20to%20your%20account_files/prefetch(1).html
Frame ID: 53E9FEF10DD20F37E67031DEF8576530
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

8
Requests

100 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

6
IPs

4
Countries

424 kB
Transfer

480 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://login.microsoftonline.com/common/reprocess?ctx=rQIIAXWRO2_TUACFc_MwLSCoWGDswARy4nfiiA4hcZ2E2A6O3dZeItfx48bP2DeE5BewIHVg6oiEkCompgqE2DtVgglWBlQJCXVAjKQ_gOVMR5-OzvegRFbJ5n2GZlirfsjjvMXROMOTBG4xFIfTLM3RFEFOWILO7lzfQu--Tj7_edR9-ePG4OLyy6cTcNdHKM2btdpisagmrgttp2onUe0UgHMAfgJwXKw4Ma6PToo5R3N1muGoxppG8STL81VJU31F1BlppSNpakIZEoRMSauB5jHS9CmSRJ2StUlk7JuhFOmMMTVYRbMXSkdHZsePlDZBmOIuHOzvhvKaoYh7vjQNlsZKWMmRTn4r3lZac-RTV5FkcOVcFjfdJIvGaZKj49JboKRO3Ju0kzh2bFS9qjkxgraFYBIPsyR1MgSdfKc1U-XelOxanDmSGS8Yj4LnASFEROIqoc8m6p5gisFyZgxmPWt2yPYzlTOIpZaKMJuyFg_DgfvE16h2iFBg0l6wtDNZ2A_GJs6SndZAsqgof0an-MFjXqWEnt1osKY59zx3tpwPrfB9CVvfGiXxWenWelQMJ9tplrgwdM7L4KJ8kyg1NzawLXCvsF34WwavK2tbvwz3o2RG4hv--6j06rRwVqk9hKHHBhRNacOJwB9IklKPPFX1uSHZ7_aZrsApi5xvEMOY2WGa5BEGjjDsNwZeXCt82Pyf6381
Title: Can’t access your account?

Search URL Search Domain Scan URL

URL: https://login.live.com/oauth20_authorize.srf?response_type=code&client_id=51483342-085c-4d86-bf88-cf50c7252078&scope=openid+profile+email+offline_access&response_mode=form_post&redirect_uri=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2ffederation%2foauth2&state=rQIIAXWSvW_TUBTF4yQNbUFQISQYOzCBnDw_fySO6FBa10mJ7eDYbe0lch1_vPgzzmtD8hewIHVgyoiEkCompgqE2DtVgqmsDKgSEuqAGHHZu9zlnvPT1Tn3UYmqUs2HDM2wVn2fJ3mLo0mGpwBpMZAjaZbmaAioAQvo7O7yCn7_bfDlz5PWqx83OxeXXz_PiaV-iA6dqp1Ex8R9H-N03KzVJpNJNXFdZP9f1E4I4owgfhLEvLjgxKTeOy6OOZqr0wwHGzkZ8hTL81VJU31F1BlppmNpaCIZASBDadbRPEYaPseSqENZG0TGrhlKkc4YQ4NVNHuibOrY3PQjZQMAU9xCnd2tUM4ZirjjS8NgasyEmRzp1HnxjrJ-gH14NZIMzZzL4pKbZFE_TcZ4XnpHKKkTtwcbSRw7Nq5eyZwYI9vCKIm7WZI6GUbOeG19pMrtIdWyOLMnM17Q7wUvAiBEIHGV0GcTdUcwxWA6MjqjtjXaZ7czlTPAVEtFlA1Zi0dhx33ma3AjxDgwaS-Y2pks7AZ9k2SpzfWOZMFofEin5N5TXoVC2240WNM88Dx3ND3oWuGHUiWPNUri09Lt_KgYDVbTLHFR6JyViYvyLVBqLi5WVogHhdXC3zLxZiFv7pfhfpLMSHzLf--VXp8UThdqj1HosQGkodYdCPyeJCn1yFNVn-tS261tpiVwymTMN0A3ZtaYJnVUIY4qld-V4ssbhY9L13V9vnwv_5cGCXgSsquAb1K5tW7-Aw2&estsfed=1&uaid=64d4ac74f6bf483c8de40b4ceaf2d3bd&signup=1&lw=1&fl=easi2&fci=XMRaccount
Title: Create one!

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
https://cloud.typenetwork.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
https://cloud.typenetwork.com/projects/5027/fontface.css/

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request PAYMENT-COPY.html Show response
zesty-continuous-spectacles.glitch.me/ 194 KB
194 KB 481ms
270ms Document
text/html 34.192.63.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.63.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-63-42.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: dd872325587bc13f16ff5aac1d8ea6f7f3de4ce88b25509cf4219d889455aa07

Request headers

:method: GET
:authority: zesty-continuous-spectacles.glitch.me
:scheme: https
:path: /PAYMENT-COPY.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 11:32:42 GMT
content-type: text/html; charset=utf-8
content-length: 198416
x-amz-id-2: gckz6/BX3i1YAPGE8Rt7wc2rBJnlzpy1xQ+Zg3ScuBo1sJw4OJHCtxw01rK1UGqGpdVrQmlAQr8=
x-amz-request-id: HTPJK4C1HV5MN8M1
last-modified: Fri, 16 Jul 2021 00:59:31 GMT
etag: "19885e339c6bebca991a2e93c0cd1486"
cache-control: no-cache
x-amz-version-id: J69clW6Wb._ExDh0vGalbGWGPIh3ePDV
accept-ranges: bytes
server: AmazonS3

GET
H/1.1 200
OK microsoft_logo.svg
secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ 4 KB
2 KB 32ms
7ms Image
image/svg+xml 2a02:26f0:6c00:2a7::35c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd

Requested by

Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:2a7::35c1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://zesty-continuous-spectacles.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 16 Jul 2021 11:32:43 GMT
Content-Encoding: gzip
Last-Modified: Sat, 18 May 2019 23:35:05 GMT
Content-MD5: nzaLxFgP7ZB3dfMcaybWzw==
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=106034
Strict-Transport-Security: max-age=31536000
Content-Length: 1435

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 22ms
7ms Script
application/javascript 2001:4de0:ac18::1:a:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer: https://zesty-continuous-spectacles.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 11:32:43 GMT
content-encoding: gzip
last-modified: Sat, 20 Jan 2018 17:26:44 GMT
server: nginx
etag: W/"5a637bd4-1538f"
vary: Accept-Encoding
x-hw: 1626435163.dop150.fr8.t,1626435163.cds250.fr8.hc,1626435163.cds002.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 404 prefetch(1).html Show response
zesty-continuous-spectacles.glitch.me/Sign%20in%20to%20your%20account_files/ Frame 53E9 4 KB
4 KB 135ms
134ms Document
text/html 34.192.63.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://zesty-continuous-spectacles.glitch.me/Sign%20in%20to%20your%20account_files/prefetch(1).html
Requested by: Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.63.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-63-42.compute-1.amazonaws.com
Software: /
Resource Hash: 5d1f9eac141b63c19a274eb9c099d629a0c4f747c8683dee8b93191b4ce0c1fd

Request headers

:method: GET
:authority: zesty-continuous-spectacles.glitch.me
:scheme: https
:path: /Sign%20in%20to%20your%20account_files/prefetch(1).html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html

Response headers

date: Fri, 16 Jul 2021 11:32:43 GMT
content-length: 3616
cache-control: max-age=0

GET
H2 200 9022.jpg
i.ibb.co/N7QNNFh/ 22 KB
23 KB 48ms
15ms Image
image/jpeg 145.239.131.55
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/N7QNNFh/9022.jpg
Requested by: Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.239.131.55 , France, ASN16276 (OVH, FR),
Reverse DNS: i.ibb.co
Software: nginx /
Resource Hash: 8e25730367880105125989bc08b6a049e1f6d93e4d431e2bb69acf253c5c51e1

Request headers

Referer: https://zesty-continuous-spectacles.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 11:32:43 GMT
last-modified: Sun, 09 May 2021 18:30:30 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 22943
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 background.jpg
zesty-continuous-spectacles.glitch.me/ 4 KB
4 KB 140ms
140ms Image
text/html 34.192.63.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://zesty-continuous-spectacles.glitch.me/background.jpg
Requested by: Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.63.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-192-63-42.compute-1.amazonaws.com
Software: /
Resource Hash: 5d1f9eac141b63c19a274eb9c099d629a0c4f747c8683dee8b93191b4ce0c1fd

Request headers

:path: /background.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: zesty-continuous-spectacles.glitch.me
referer: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://zesty-continuous-spectacles.glitch.me/PAYMENT-COPY.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 11:32:43 GMT
cache-control: max-age=0
content-length: 3616

GET
H2

200

/
cloud.typenetwork.com/projects/5027/fontface.css/ Frame 53E9
Redirect Chain

https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
https://cloud.typenetwork.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
https://cloud.typenetwork.com/projects/5027/fontface.css/

2 KB
917 B

8ms
8ms

Stylesheet
text/css

192.229.233.123
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cloud.typenetwork.com/projects/5027/fontface.css/

Requested by

Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/Sign%20in%20to%20your%20account_files/prefetch(1).html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.233.123 Culver City, United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6760) /

Resource Hash

44c7b0d2968cd8af2ceea4b8af505ccf7704e5b449c2a43e0b4de7c21661c935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://zesty-continuous-spectacles.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 16 Jul 2021 11:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
age: 42616
x-cache: HIT
vary: Accept-Encoding
content-length: 510
last-modified: Thu, 15 Jul 2021 23:39:04 GMT
server: ECS (frb/6760)
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
allow: GET, HEAD, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=KNfCkEonXqi4s2ADhFm8OjNpVdacXSxbvrY8wSHmGCmi6KN9Q4dd3Bm6YTf4eSi7IahAiFE5CGmyCOx0WCKgXTNL3TAkKEPI1iVVAQSPBEwTvXLf0gpLIHhfsoz1Uqv%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=10800
cf-ray: 66f6d8ef4d9cd721-FRA
expires: Fri, 16 Jul 2021 14:32:43 GMT

Redirect headers

date: Fri, 16 Jul 2021 11:32:43 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7186
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Authorization, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WuL8fl0fxv%2F12Sa%2BqAGO0QCjZRq6u3KNgFKkBR%2BSv%2Fic%2By6SKaPOelu%2B7v25sxLsUycI4ZD%2FM%2BRxPXyt6v%2FM3o5xh%2Fvus4lZSthtHw4rDp9UhhG7QbCjtfdgIVOkj4OT%2BbFrkPU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
location: ../projects/5027/fontface.css/
cache-control: max-age=28800
cf-ray: 66fae95c2e771f39-FRA
access-control-allow-origin: *

GET
H/1.1 200
OK d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png
cdn.glitch.com/ Frame 53E9 166 KB
167 KB 107ms
33ms Image
image/png 13.224.96.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1595481653593
Requested by: Host: zesty-continuous-spectacles.glitch.me
URL: https://zesty-continuous-spectacles.glitch.me/Sign%20in%20to%20your%20account_files/prefetch(1).html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.96.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-96-12.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 22906a0f005949f275550013b9308673372a120f6c5e49145ac520658114f158

Request headers

Referer: https://zesty-continuous-spectacles.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Mon, 08 Feb 2021 01:33:09 GMT
Via: 1.1 e92dffa8673a73c15c61e7c3abefc47d.cloudfront.net (CloudFront)
Age: 13687175
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 170377
Last-Modified: Thu, 23 Jul 2020 05:20:52 GMT
Server: AmazonS3
ETag: "a002b1fa4cf220520bebb230b1b68a80"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET, HEAD, POST
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
X-Amz-Cf-Pop: ZRH50-C1
X-Amz-Cf-Id: 32EAMGRXOZRTT-pS6z-S4FeGaF94mox9xHGs3ypOGQpte0Jo-7KB4A==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.glitch.com
cloud.typenetwork.com
cloud.webtype.com
code.jquery.com
i.ibb.co
secure.aadcdn.microsoftonline-p.com
zesty-continuous-spectacles.glitch.me
13.224.96.12
145.239.131.55
192.229.233.123
2001:4de0:ac18::1:a:3a
2606:4700:3037::6815:bdb
2a02:26f0:6c00:2a7::35c1
34.192.63.42
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
22906a0f005949f275550013b9308673372a120f6c5e49145ac520658114f158
44c7b0d2968cd8af2ceea4b8af505ccf7704e5b449c2a43e0b4de7c21661c935
5d1f9eac141b63c19a274eb9c099d629a0c4f747c8683dee8b93191b4ce0c1fd
8e25730367880105125989bc08b6a049e1f6d93e4d431e2bb69acf253c5c51e1
dd872325587bc13f16ff5aac1d8ea6f7f3de4ce88b25509cf4219d889455aa07

zesty-continuous-spectacles.glitch.me Open in urlscan Pro 34.192.63.42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

43 %IPv6

7 Domains

7 Subdomains

6 IPs

4 Countries

424 kBTransfer

480 kBSize

0 Cookies

2 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

0 Cookies

Indicators

zesty-continuous-spectacles.glitch.me Open in urlscan Pro
34.192.63.42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

6
IPs

4
Countries

424 kB
Transfer

480 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!