balsam-marshy-cabin.glitch.me
52.4.79.205  Malicious Activity! Public Scan

Submitted URL: https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18Y...
Effective URL: https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Submission: On June 17 via manual from CA — Scanned from CA

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 52.4.79.205, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is balsam-marshy-cabin.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time balsam-marshy-cabin.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Adobe (Consumer)

Domain & IP information

IP Address | AS Autonomous System
1 2 104.18.38.91 | 13335 (CLOUDFLAR...)
1 1 104.21.24.225 | 13335 (CLOUDFLAR...)
2 52.4.79.205 | 14618 (AMAZON-AES)
2 151.101.65.229 | 54113 (FASTLY)
5 4

Apex Domain | Subdomains | Transfer
2 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 373 | 137 KB
2 glitch.me | balsam-marshy-cabin.glitch.me | 315 KB
2 hs-sales-engage.com | chsk204.na1.hs-sales-engage.com | 3 KB
1 frsoson.com | frsoson.com | 516 B
5 4

Domain | Requested by
2 cdn.jsdelivr.net | balsam-marshy-cabin.glitch.me, cdn.jsdelivr.net
2 balsam-marshy-cabin.glitch.me | chsk204.na1.hs-sales-engage.com
2 chsk204.na1.hs-sales-engage.com | 1 redirects
1 frsoson.com | 1 redirects
5 4

This site contains no links.

Subject | Issuer | Validity | Valid
hs-sales-engage.com | E1 | 2024-04-20 - 2024-07-19 | 3 months
glitch.com | Amazon RSA 2048 M03 | 2023-12-04 - 2025-01-01 | a year
jsdelivr.net | GlobalSign Atlas R3 DV TLS CA 2023 Q3 | 2023-09-27 - 2024-10-28 | a year

This page contains 1 frames:

Primary Page: https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Frame ID: 6A84D4C6821FEA7DCCF0559E5D5D567B
Requests: 10 HTTP requests in this frame

Page Title

Secured Document

Page URL History

  1. https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9... Page URL
  2. https://chsk204.na1.hs-sales-engage.com/events/public/v1/encoded/track/tc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM... HTTP 307
    https://frsoson.com/go/from/go.php?id=natasha.sembay@bienenstockplaygrounds.com HTTP 302
    https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 0 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 2
Transfer: 455 kB
Size: 781 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04 Page URL
  2. https://chsk204.na1.hs-sales-engage.com/events/public/v1/encoded/track/tc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04?_ud=b5c3a3bb-65be-4311-9e6b-18292387ddbd&_jss=1&_fl=8&_pl=5&_hc=48&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://frsoson.com/go/from/go.php?id=natasha.sembay@bienenstockplaygrounds.com HTTP 302
    https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hP...
chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/
8 KB
3 KB
Document
General
Full URL
https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.38.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-credentials
false
cf-cache-status
DYNAMIC
cf-ray
89547faeed88ab09-YYZ
content-encoding
gzip
content-type
text/html;charset=utf-8
date
Mon, 17 Jun 2024 16:43:28 GMT
referrer-policy
no-referrer
server
cloudflare
vary
origin
x-content-type-options
nosniff
x-envoy-upstream-service-time
11
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/event-tracking-td/envoy-proxy-544dd46489-cv5k8
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
9d7664e7-552b-4e34-ab85-73f946d56621
x-request-id
9d7664e7-552b-4e34-ab85-73f946d56621
x-robots-tag
none
Primary Request lxst.html
balsam-marshy-cabin.glitch.me/crobt/a/b/c/
Redirect Chain
  • https://chsk204.na1.hs-sales-engage.com/events/public/v1/encoded/track/tc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG...
  • https://frsoson.com/go/from/go.php?id=natasha.sembay@bienenstockplaygrounds.com
  • https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
310 KB
311 KB
Document
General
Full URL
https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Requested by
Host: chsk204.na1.hs-sales-engage.com
URL: https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.4.79.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-79-205.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
782f734ea94bb2332236df4620b49734307eca76e6e31dc58fccb5b38bb5927c

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://chsk204.na1.hs-sales-engage.com/Ctc/I5+23284/cHsk204/JlF2-6qcW8wLKSR6lZ3l7VjTM942brRLqW5nM14h4N34LkVMGlbn2X9XylW1mgL421016lqV18YXv2f6SJxW73FG1Z5z-mY7W8SM24D9jG-8yW6C13Kn7FBLSfW5Xdhb05v5XdlW3d8khC89_PcrW5f-BR436qD6kW1fgqFx2wycjDW5YftGP73DMl_W7pDtRP3hPDvpW2LP7gy8q65_BW8MXH9M1sh2c5W18D-N88jNnsBW43Y6LK5ysV3yW1_S-nq2z66ZlW1ygwkG72LqFNW7WzVHD3YJ5YKW53HY2k6l-9MhW58HZZ-7CYKLXW9fXC-g9gKQBFW3fFt9G5Zh2hDN5vJP_f5lYRPN4fbyz71MMfPN82q4VkxrJnzf6Gc3_T04
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
317948
content-type
text/html; charset=utf-8
date
Mon, 17 Jun 2024 16:43:29 GMT
etag
"d9614dfaaa4d5476c7a923fc9b242f6d"
last-modified
Wed, 08 Nov 2023 10:14:49 GMT
server
AmazonS3
x-amz-id-2
8u55C6RiGmim5nYiuC85+Ug3cKrsY5eAhSMjKfjTWdqOVfvM3YAkUsM27b3fh6hKAn7J5ssUKBH53d8+O6qEMQ==
x-amz-request-id
B487YFKPRX3X0MFH
x-amz-server-side-encryption
AES256
x-amz-version-id
S9qNvQIHucH2UpwtV1jEg.JWki0bK_FO

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
89547fb0ffc1ac25-YYZ
content-type
text/html; charset=UTF-8
date
Mon, 17 Jun 2024 16:43:29 GMT
location
https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F4s%2FXq8Hywd8DjbOP%2BK0pavNXnV1neHWiDJfgMBfkSoS%2FP2DIkb9Cx%2F6qCligTu%2BSfN6J4m0C3l2e4N%2FrVW%2B3zgUtWG%2F22uN%2BFcoEGStlV8MD9wLJcweCZ2LTcmIQg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
remixicon.css
cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/
108 KB
14 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css
Requested by
Host: balsam-marshy-cabin.glitch.me
URL: https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
13e29a29baade86f4e7a88d8e076d6a6f3ac8950757b50a0f8bbea1c33658d5c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://balsam-marshy-cabin.glitch.me/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 17 Jun 2024 16:43:29 GMT
x-content-type-options
nosniff
content-encoding
br
age
1519508
x-jsd-version
2.5.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
13745
x-served-by
cache-fra-eddf8230041-FRA, cache-yyz4559-YYZ
x-jsd-version-type
version
etag
W/"1af66-MA7aTWKCoG0FYjklj9PTw0TfSFM"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f71e2a1f573a6ed795a2ee3ee0865ad361ba14e444b293d3d7c260f97c0731fb

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
161 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c052145350d48cc8996da6265b8808811788a0ea38a8bd3ad8e79831a3912b7b

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
330 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b689ff2998304d5d01e0be9fb2bf7c6334875e9a5875bf85cc4dbf3a98e862f2

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a91f8f4168564e885713c6d6d29e8d0323bbf0a79feb89a1e8453b4ffd4bb977

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
54 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
36d10e7d3d2899129e9fceaa5dd3f0d892920e4706cbeaba50a957bd4644d7d7

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
remixicon.woff2
cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/
122 KB
123 KB
Font
General
Full URL
https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.woff2?t=1590207869815
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e61f0d10c8cac8cd0ecb36790d6cce883380c0b185ff3c9bf849ed336ba8285c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css
Origin
https://balsam-marshy-cabin.glitch.me
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 17 Jun 2024 16:43:29 GMT
x-content-type-options
nosniff
age
2899765
x-jsd-version
2.5.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
125268
x-served-by
cache-fra-eddf8230122-FRA, cache-yyz4582-YYZ
x-jsd-version-type
version
etag
W/"1e954-TTdav0PtGKpUJkwbWXFLClnFk6Q"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
favicon.ico
balsam-marshy-cabin.glitch.me/
4 KB
4 KB
Other
General
Full URL
https://balsam-marshy-cabin.glitch.me/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.4.79.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-79-205.compute-1.amazonaws.com
Software
/
Resource Hash
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 17 Jun 2024 16:43:29 GMT
cache-control
max-age=0
content-length
3674

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
undefined | event
object | fence
object | sharedStorage
string | herewego

0 Cookies

2 Console Messages

Source: recommendation | Level: verbose
URL: https://balsam-marshy-cabin.glitch.me/crobt/a/b/c/lxst.html?id=natasha.sembay@bienenstockplaygrounds.com
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Source: network | Level: error
URL: https://balsam-marshy-cabin.glitch.me/favicon.ico
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff