balsam-marshy-cabin.glitch.me
Open in
urlscan Pro
52.4.79.205
Malicious Activity!
Public Scan
Effective URL: https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Submission: On June 17 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time balsam-marshy-cabin.glitch.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 104.18.38.91 104.18.38.91 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 104.21.24.225 104.21.24.225 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 52.4.79.205 52.4.79.205 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 | 151.101.65.229 151.101.65.229 | 54113 (FASTLY) (FASTLY) | |
5 | 4 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-79-205.compute-1.amazonaws.com
balsam-marshy-cabin.glitch.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 373 |
137 KB |
2 |
glitch.me
balsam-marshy-cabin.glitch.me |
315 KB |
2 |
hs-sales-engage.com
1 redirects
chsk204.na1.hs-sales-engage.com |
3 KB |
1 |
frsoson.com
1 redirects
frsoson.com |
516 B |
5 | 4 |
Domain | Requested by | |
---|---|---|
2 | cdn.jsdelivr.net |
balsam-marshy-cabin.glitch.me
cdn.jsdelivr.net |
2 | balsam-marshy-cabin.glitch.me |
chsk204.na1.hs-sales-engage.com
|
2 | chsk204.na1.hs-sales-engage.com | 1 redirects |
1 | frsoson.com | 1 redirects |
5 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
hs-sales-engage.com E1 |
2024-04-20 - 2024-07-19 |
3 months | crt.sh |
glitch.com Amazon RSA 2048 M03 |
2023-12-04 - 2025-01-01 |
a year | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Frame ID: 6A84D4C6821FEA7DCCF0559E5D5D567B
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Secured DocumentPage URL History Show full URLs
- https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9... Page URL
-
https://chsk204.na1.hs-sales-engage.com/events/public/v1/encoded/track/tc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM...
HTTP 307
https://frsoson.com/go/from/go.php?id=natasha.sembay@bienenstockplaygrounds.com HTTP 302
https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com Page URL
Detected technologies
jsDelivr (CDN) ExpandDetected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04 Page URL
-
https://chsk204.na1.hs-sales-engage.com/events/public/v1/encoded/track/tc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04?_ud=b5c3a3bb-65be-4311-9e6b-18292387ddbd&_jss=1&_fl=8&_pl=5&_hc=48&_lg=en-US,en&_plt=Win32&_scr=1600,1200
HTTP 307
https://frsoson.com/go/from/go.php?id=natasha.sembay@bienenstockplaygrounds.com HTTP 302
https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hP...
chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/ |
8 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
lxst.html
balsam-marshy-cabin.glitch.me/crobt/a/b/c/ Redirect Chain
|
310 KB 311 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
remixicon.css
cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/ |
108 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
9 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
161 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
330 B 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
54 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
remixicon.woff2
cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/ |
122 KB 123 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
balsam-marshy-cabin.glitch.me/ |
4 KB 4 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
undefined| event object| fence object| sharedStorage string| herewego0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
balsam-marshy-cabin.glitch.me
cdn.jsdelivr.net
chsk204.na1.hs-sales-engage.com
frsoson.com
104.18.38.91
104.21.24.225
151.101.65.229
52.4.79.205
13e29a29baade86f4e7a88d8e076d6a6f3ac8950757b50a0f8bbea1c33658d5c
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c
36d10e7d3d2899129e9fceaa5dd3f0d892920e4706cbeaba50a957bd4644d7d7
782f734ea94bb2332236df4620b49734307eca76e6e31dc58fccb5b38bb5927c
a91f8f4168564e885713c6d6d29e8d0323bbf0a79feb89a1e8453b4ffd4bb977
b689ff2998304d5d01e0be9fb2bf7c6334875e9a5875bf85cc4dbf3a98e862f2
c052145350d48cc8996da6265b8808811788a0ea38a8bd3ad8e79831a3912b7b
e61f0d10c8cac8cd0ecb36790d6cce883380c0b185ff3c9bf849ed336ba8285c
f71e2a1f573a6ed795a2ee3ee0865ad361ba14e444b293d3d7c260f97c0731fb