hematic-sealed-link.glitch.me
44.198.62.156
Malicious Activity!
Public Scan
Submission: On July 27 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by Amazon RSA 2048 M01 on February 22nd 2023. Valid for: a year.
This is the only time hematic-sealed-link.glitch.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information
| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 44.198.62.156 | 14618 (AMAZON-AES) |
| 1 2 | 172.67.74.213 | 13335 (CLOUDFLARENET) |
| 3 | 152.199.39.242 | 15133 (EDGECAST) |
| 2 | 142.250.207.106 | 15169 (GOOGLE) |
| 1 | 104.21.235.70 | 13335 (CLOUDFLARENET) |
| 1 | 172.67.138.168 | |

Totals: 15 | 7
ASN14618 (AMAZON-AES, US)
- PTR: ec2-44-198-62-156.compute-1.amazonaws.com
- hematic-sealed-link.glitch.me

ASN15169 (GOOGLE, US)
- PTR: kix06s11-in-f10.1e100.net
- ajax.googleapis.com
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 3 | msftauth.net | aadcdn.msftauth.net (Cisco Umbrella Rank: 1103) | 4 KB |
| 2 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 409) | 61 KB |
| 2 | tailwindcss.com | cdn.tailwindcss.com (Cisco Umbrella Rank: 61996), 1 redirect | 108 KB |
| 1 | eevilcorp.online | eevilcorp.online | 8 KB |
| 1 | iili.io | iili.io (Cisco Umbrella Rank: 44242) | 93 KB |
| 1 | glitch.me | hematic-sealed-link.glitch.me | 6 KB |
| 0 | ipify.org | api.ipify.org (Failed) | |
| 0 | msauth.net | aadcdn.msauth.net (Failed) | |
| 0 | jsdelivr.net | cdn.jsdelivr.net (Failed) | |
| 0 | jquery.com | code.jquery.com (Failed) | |

Totals: 15 | 10
| # | Domain | Requested by |
|---|---|---|
| 3 | aadcdn.msftauth.net | hematic-sealed-link.glitch.me |
| 2 | ajax.googleapis.com | hematic-sealed-link.glitch.me, ajax.googleapis.com |
| 2 | cdn.tailwindcss.com (1 redirect) | hematic-sealed-link.glitch.me |
| 1 | eevilcorp.online | ajax.googleapis.com |
| 1 | iili.io | hematic-sealed-link.glitch.me |
| 1 | hematic-sealed-link.glitch.me | |
| 0 | api.ipify.org (Failed) | ajax.googleapis.com |
| 0 | aadcdn.msauth.net (Failed) | |
| 0 | cdn.jsdelivr.net (Failed) | ajax.googleapis.com |
| 0 | code.jquery.com (Failed) | ajax.googleapis.com |

Totals: 15 | 10
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| glitch.com | Amazon RSA 2048 M01 | 2023-02-22 - 2024-02-01 | a year | crt.sh |
| aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2023-01-31 - 2024-01-31 | a year | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2023-07-10 - 2023-10-02 | 3 months | crt.sh |
| iili.io | E1 | 2023-06-12 - 2023-09-10 | 3 months | crt.sh |
| eevilcorp.online | GTS CA 1P5 | 2023-06-03 - 2023-09-01 | 3 months | crt.sh |
This page contains 1 frame:

Primary Page: https://hematic-sealed-link.glitch.me/
Frame ID: 2F2C5E57A5A2A9F8EE2D39C2FBFFC891
Requests: 15 HTTP requests in this frame

0 Outgoing links
These are links going to different origins than the main page.

Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 0
- https://cdn.tailwindcss.com/ HTTP 302
- https://cdn.tailwindcss.com/3.3.3
15 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | hematic-sealed-link.glitch.me/ | 6 KB | 6 KB | Document | text/html |
| GET | H2 | 3.3.3 | cdn.tailwindcss.com/ (Redirect Chain) | 354 KB | 107 KB | Script | text/javascript |
| GET | H2 | microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 4 KB | 2 KB | Image | image/svg+xml |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 31 KB | Script | text/javascript |
| GET | H2 | Hszwz5x.md.png | iili.io/ | 92 KB | 93 KB | Image | image/png |
| POST | H2 | generator | eevilcorp.online/ | 37 KB | 8 KB | XHR | application/json |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.0/ | 87 KB | 30 KB | Script | text/javascript |
| GET | | jquery-ui.min.js | code.jquery.com/ui/1.13.2/ | 0 | 0 | | |
| GET | | axios.min.js | cdn.jsdelivr.net/npm/axios/dist/ | 0 | 0 | | |
| GET | H2 | microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | 4 KB | 1 KB | Image | image/svg+xml |
| GET | | arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 0 | 0 | | |
| GET | | picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 0 | 0 | | |
| GET | | picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg | aadcdn.msauth.net/shared/1.0/content/images/ | 0 | 0 | | |
| GET | H2 | 2_bc3d32a696895f78c19df6c717586a5d.svg | aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ | 2 KB | 824 B | Image | image/svg+xml |
| GET | | / | api.ipify.org/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

| Domain | URL |
|---|---|
| code.jquery.com | https://code.jquery.com/ui/1.13.2/jquery-ui.min.js |
| cdn.jsdelivr.net | https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js |
| aadcdn.msauth.net | https://aadcdn.msauth.net/shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg |
| aadcdn.msauth.net | https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg |
| aadcdn.msauth.net | https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_call_fe87496cc7a44412f7893a72099c120a.svg |
| api.ipify.org | https://api.ipify.org/?format=json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | tailwind |
| string | /template.html |
| function | $ |
| function | jQuery |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
aadcdn.msftauth.net
ajax.googleapis.com
api.ipify.org
cdn.jsdelivr.net
cdn.tailwindcss.com
code.jquery.com
eevilcorp.online
hematic-sealed-link.glitch.me
iili.io
aadcdn.msauth.net
api.ipify.org
cdn.jsdelivr.net
code.jquery.com
104.21.235.70
142.250.207.106
152.199.39.242
172.67.138.168
172.67.74.213
44.198.62.156
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
2f045c08eab95531e7f995502efa1d0a418ec34f2962bfea7efb0bc9c01ef914
8ea5165a14a0c8a5273cdb7e0820bd56ac90fbedfbe37d3cd602306b4adf2590
c027f55c9f22f748fa348788fe50207e2cc91e7e7656b1f9ad70003c0ed9fa1b
c3fb0179cf3e41b2798efbbf8d370caded0245d7ad5b4475ea1e6678dcdba8aa
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e