email-godaddy-zwebmail.glitch.me Open in urlscan Pro
34.225.219.45 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://email-godaddy-zwebmail.glitch.me/
Effective URL:
http://email-godaddy-zwebmail.glitch.me/?realm=FRXLTMS573EMXFTY1WJ0QDX0Z56VO&pass=63251748b496c041273C6a6A5bB6bCA5a&app=9c442Ab5612Cc42C...
Submission: On November 26 via api (November 26th 2023, 4:18:31 pm UTC) from US — Scanned from DE

Summary HTTP 16 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 34.225.219.45, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is email-godaddy-zwebmail.glitch.me.

This is the only time email-godaddy-zwebmail.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: GoDaddy (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	34.225.219.45 34.225.219.45	14618 (AMAZON-AES) (AMAZON-AES)
4	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	23.53.42.211 23.53.42.211	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
16	4

2 34.225.219.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-219-45.compute-1.amazonaws.com

email-godaddy-zwebmail.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.53.42.211 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-53-42-211.deploy.static.akamaitechnologies.com

img6.wsimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	wsimg.com img6.wsimg.com — Cisco Umbrella Rank: 39166	236 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 335	55 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 762	65 KB
2	glitch.me email-godaddy-zwebmail.glitch.me	5 KB
16	4

	Domain	Requested by
8	img6.wsimg.com	cdn.jsdelivr.net
4	cdn.jsdelivr.net	email-godaddy-zwebmail.glitch.me cdn.jsdelivr.net
2	code.jquery.com	cdn.jsdelivr.net
2	email-godaddy-zwebmail.glitch.me	email-godaddy-zwebmail.glitch.me
16	4

This site contains links to these domains. Also see Links.

Domain
www.godaddy.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.wsimg.com Starfield Secure Certificate Authority - G2	`2023-09-19` - `2024-10-20`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://email-godaddy-zwebmail.glitch.me/?realm=FRXLTMS573EMXFTY1WJ0QDX0Z56VO&pass=63251748b496c041273C6a6A5bB6bCA5a&app=9c442Ab5612Cc42CB85B74c0b7B08a
Frame ID: E9B18B8BD5C993D67883FEEE57170119
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page URL History Show full URLs

http://email-godaddy-zwebmail.glitch.me/ Page URL
http://email-godaddy-zwebmail.glitch.me/?realm=FRXLTMS573EMXFTY1WJ0QDX0Z56VO&pass=63251748b496c041273C6a6A5bB6bCA5a&... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

16
Requests

88 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

360 kB
Transfer

1042 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://www.godaddy.com/system-status
Title: Issues

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://email-godaddy-zwebmail.glitch.me/ Page URL
http://email-godaddy-zwebmail.glitch.me/?realm=FRXLTMS573EMXFTY1WJ0QDX0Z56VO&pass=63251748b496c041273C6a6A5bB6bCA5a&app=9c442Ab5612Cc42CB85B74c0b7B08a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
email-godaddy-zwebmail.glitch.me/ 2 KB
2 KB 460ms
333ms Document
text/html 34.225.219.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://email-godaddy-zwebmail.glitch.me/
Protocol: HTTP/1.1
Server: 34.225.219.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-219-45.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 90de56f7ac1245d3b02fb924b4131d97a4697e66696deedbc184c0066e76db46

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 1857
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Nov 2023 16:18:26 GMT
accept-ranges: bytes
cache-control: no-cache
etag: "6cbe6a8d4967f4e333965dba78a012ce"
last-modified: Fri, 24 Nov 2023 05:57:01 GMT
server: AmazonS3
x-amz-id-2: 2Cop10FMTumvqGhbi0JzxiBIDsqjpAKUB+0XPMKiHIJKiFtZFb8T9G+MHUMKQ9cOJsrOJSXelZE=
x-amz-request-id: DKQMQVF0PH0RREEF
x-amz-server-side-encryption: AES256
x-amz-version-id: xBoJGNCmKBLHnyfCCRnvgKKGEMjfdgIf

GET
H2 200 go.js Show response
cdn.jsdelivr.net/gh/conticons/go@main/ 52 KB
19 KB 232ms
215ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/conticons/go@main/go.js

Requested by

Host: email-godaddy-zwebmail.glitch.me
URL: http://email-godaddy-zwebmail.glitch.me/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e00420d6c8c27bdcfc5e0a98627c57e73b3e146f986427ac39dd9047c2c1826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230105-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"d102-r2jv9m0oP4dYlNXEmLSljZIFF+s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8TwtAEC81k1WMFeDkINi9ye3yifmD1wOVQ31TrjZDQD7TR7c9M6zK%2FI1s46To%2Bw9MMU4d5ooHgPXg0GPjNk0GB4Y4dOqUTNJ3%2BOoNdbhUyne98y6QJHJfqSWKs4pKNsRYGChg5q%2FnlRlu1nTM7g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82c37284482439d4-FRA

GET
H2 200 gd-sage-bold.woff2
img6.wsimg.com/ux/fonts/gd-sage/1.0/ 39 KB
40 KB 129ms
27ms Font
application/font-woff2 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
Origin: http://email-godaddy-zwebmail.glitch.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:26 GMT
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
x-akamai-ew-subworker: 8096267
etag: "36811569ebd41:0"
x-edgeconnect-cache-status: 1
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015506872_389360335_545536703_22_817_26_54_219";dur=1
accept-ranges: bytes
timing-allow-origin: *
content-length: 40132

GET
H2 200 gdsherpa-vf.woff2
img6.wsimg.com/ux/fonts/sherpa/2.0/ 43 KB
43 KB 161ms
59ms Font
application/font-woff2 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/ux/fonts/sherpa/2.0/gdsherpa-vf.woff2
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
Origin: http://email-godaddy-zwebmail.glitch.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:26 GMT
last-modified: Fri, 28 Jun 2019 11:19:54 GMT
etag: "029e468a32dd51:0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015506928_389360335_545536708_26_791_26_0_219";dur=1
accept-ranges: bytes
timing-allow-origin: *
content-length: 43596

GET
H2 200 uxcore2.min.css
img6.wsimg.com/wrhs/7c4a123069c201ce75da66eda7f84144/ 197 KB
24 KB 130ms
28ms Stylesheet
text/css 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/7c4a123069c201ce75da66eda7f84144/uxcore2.min.css
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2cef3bf6ee3a1b2453c003386edf6f3910d3bc5f2877b92293feb31630feb7a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: ISnz6sZZAKWizMhQpvPrF0lf5xhB_szy
content-encoding: br
date: Sun, 26 Nov 2023 16:18:26 GMT
x-amz-request-id: 0KB0MMCBWW4XVDBC
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015506872_389360335_545536706_21_986_26_55_255";dur=1
content-length: 24301
x-amz-id-2: jgGIfGMibe2nHMAYklXrNfHI6+SNkWDg2xwjy6DpWXLsXCM368l6S/haoYhRe5AGjJ9y8tuWzH0=
last-modified: Mon, 16 Oct 2023 01:24:10 GMT
etag: "5d1957ac324416a4182d601710634bfa"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 utilityheader.min.css
img6.wsimg.com/wrhs/85b267d197afda6bb67889db163a4058/ 64 KB
11 KB 157ms
55ms Stylesheet
text/css 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/85b267d197afda6bb67889db163a4058/utilityheader.min.css
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7e57ed63496f98e78eb0b722cb60b34fbb33dbb463c9dc905cc8b09890629e24

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: JpB.D3PxSWevyG133zdHd8LOyXXHghH9
content-encoding: br
date: Sun, 26 Nov 2023 16:18:26 GMT
x-amz-request-id: 1PGT0190EB923ACB
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015506927_389360335_545536707_20_978_26_0_255";dur=1
content-length: 10981
x-amz-id-2: lPDdxCZxz8ML0R0GnzE14gSQANDcY8nmMDqPJtIlEWlNPMtpKAxud1JEek6hx1zmhKYugwf7Z6dNFILp7diP6w==
last-modified: Mon, 30 Oct 2023 12:17:53 GMT
etag: "ec21b03bf866306593419393f91a86ed"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 new.css
cdn.jsdelivr.net/gh/oimage/goc@main/ 31 KB
8 KB 61ms
60ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/oimage/goc@main/new.css

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d53eb58a19d355efa60e9af817b296beeee2758c1f6cdbf195b42e6a6491c4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230032-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"7b3a-51xzMQTLEMwdi78BZfzFGDLNums"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vslSXmOBkiM3ck8MpenNqCvEIOmeYfh0Lfnzlx0Ugcka%2BxMBFEPSVphZegfmzjqo1wMbCvE8DVYmNozQwpedJeep%2FnMkysd0y0s2h7sUMg0l2x%2FVAYx0HU%2F%2FJX4IaPzXs6OevsgfrEak9RcWvJs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82c37285a9fc39d4-FRA

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 36ms
9ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 26 Nov 2023 16:18:26 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6213303
x-cache: HIT, HIT
content-length: 33202
x-served-by: cache-lga21922-LGA, cache-fra-eddf8230128-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701015507.857715,VS0,VE0
etag: W/"28feccc0-1762a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 45, 156922

GET
H/1.1 200
OK Primary Request / Show response
email-godaddy-zwebmail.glitch.me/ 2 KB
2 KB 140ms
139ms Document
text/html 34.225.219.45
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://email-godaddy-zwebmail.glitch.me/?realm=FRXLTMS573EMXFTY1WJ0QDX0Z56VO&pass=63251748b496c041273C6a6A5bB6bCA5a&app=9c442Ab5612Cc42CB85B74c0b7B08a
Requested by: Host: email-godaddy-zwebmail.glitch.me
URL: http://email-godaddy-zwebmail.glitch.me/
Protocol: HTTP/1.1
Server: 34.225.219.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-219-45.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 90de56f7ac1245d3b02fb924b4131d97a4697e66696deedbc184c0066e76db46

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 1857
Content-Type: text/html; charset=utf-8
Date: Sun, 26 Nov 2023 16:18:27 GMT
accept-ranges: bytes
cache-control: no-cache
etag: "6cbe6a8d4967f4e333965dba78a012ce"
last-modified: Fri, 24 Nov 2023 05:57:01 GMT
server: AmazonS3
x-amz-id-2: OqeGyCmj6g+duE7MVMbbVfc/BAsyPm6sHDTO2izxKc6iDzFHmo8Px4OdtPjFICScMXxJ8lg0/z08l0JArs2wMw==
x-amz-request-id: YEJB4Q2SJSKKTH1A
x-amz-server-side-encryption: AES256
x-amz-version-id: xBoJGNCmKBLHnyfCCRnvgKKGEMjfdgIf

GET
H3 200 go.js Show response
cdn.jsdelivr.net/gh/conticons/go@main/ 52 KB
19 KB 25ms
25ms Script
application/javascript 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/conticons/go@main/go.js

Requested by

Host: email-godaddy-zwebmail.glitch.me
URL: http://email-godaddy-zwebmail.glitch.me/?realm=FRXLTMS573EMXFTY1WJ0QDX0Z56VO&pass=63251748b496c041273C6a6A5bB6bCA5a&app=9c442Ab5612Cc42CB85B74c0b7B08a

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e00420d6c8c27bdcfc5e0a98627c57e73b3e146f986427ac39dd9047c2c1826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230023-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"d102-r2jv9m0oP4dYlNXEmLSljZIFF+s"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6w60OOq7G80cVD9VxxwYqL2c96pKPshI1Xi8zYdnER1QevCjmHqGEFVhTExXZ2mDa%2FfaTf783JSQW5tELXh94xQsXAa%2B5FaEA7Ilt3jxZdk3EgNoV%2Fh9It6%2Bexj2XnQDV91jXlUbpwNO6kyYjYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82c37287df719a05-FRA

GET
H2 200 gd-sage-bold.woff2
img6.wsimg.com/ux/fonts/gd-sage/1.0/ 39 KB
40 KB 32ms
30ms Font
application/font-woff2 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/ux/fonts/gd-sage/1.0/gd-sage-bold.woff2
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
Origin: http://email-godaddy-zwebmail.glitch.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:27 GMT
last-modified: Thu, 04 Apr 2019 17:08:28 GMT
x-akamai-ew-subworker: 8096267
etag: "36811569ebd41:0"
x-edgeconnect-cache-status: 1
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015507209_389360335_545536877_187_1056_24_0_219";dur=1
accept-ranges: bytes
timing-allow-origin: *
content-length: 40132

GET
H2 200 gdsherpa-vf.woff2
img6.wsimg.com/ux/fonts/sherpa/2.0/ 43 KB
43 KB 40ms
39ms Font
application/font-woff2 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/ux/fonts/sherpa/2.0/gdsherpa-vf.woff2
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
Origin: http://email-godaddy-zwebmail.glitch.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:27 GMT
last-modified: Fri, 28 Jun 2019 11:19:54 GMT
etag: "029e468a32dd51:0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: max-age=2592000
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015507209_389360335_545536878_180_1184_24_0_219";dur=1
accept-ranges: bytes
timing-allow-origin: *
content-length: 43596

GET
H2 200 uxcore2.min.css
img6.wsimg.com/wrhs/7c4a123069c201ce75da66eda7f84144/ 197 KB
24 KB 30ms
29ms Stylesheet
text/css 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/7c4a123069c201ce75da66eda7f84144/uxcore2.min.css
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2cef3bf6ee3a1b2453c003386edf6f3910d3bc5f2877b92293feb31630feb7a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: ISnz6sZZAKWizMhQpvPrF0lf5xhB_szy
content-encoding: br
date: Sun, 26 Nov 2023 16:18:27 GMT
x-amz-request-id: 0KB0MMCBWW4XVDBC
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015507202_389360335_545536873_23_1236_25_0_255";dur=1
content-length: 24301
x-amz-id-2: jgGIfGMibe2nHMAYklXrNfHI6+SNkWDg2xwjy6DpWXLsXCM368l6S/haoYhRe5AGjJ9y8tuWzH0=
last-modified: Mon, 16 Oct 2023 01:24:10 GMT
etag: "5d1957ac324416a4182d601710634bfa"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 utilityheader.min.css
img6.wsimg.com/wrhs/85b267d197afda6bb67889db163a4058/ 64 KB
11 KB 38ms
37ms Stylesheet
text/css 23.53.42.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://img6.wsimg.com/wrhs/85b267d197afda6bb67889db163a4058/utilityheader.min.css
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.53.42.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-53-42-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7e57ed63496f98e78eb0b722cb60b34fbb33dbb463c9dc905cc8b09890629e24

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: JpB.D3PxSWevyG133zdHd8LOyXXHghH9
content-encoding: br
date: Sun, 26 Nov 2023 16:18:27 GMT
x-amz-request-id: 1PGT0190EB923ACB
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1701015507202_389360335_545536874_23_1254_25_0_255";dur=1
content-length: 10981
x-amz-id-2: lPDdxCZxz8ML0R0GnzE14gSQANDcY8nmMDqPJtIlEWlNPMtpKAxud1JEek6hx1zmhKYugwf7Z6dNFILp7diP6w==
last-modified: Mon, 30 Oct 2023 12:17:53 GMT
etag: "ec21b03bf866306593419393f91a86ed"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 new.css
cdn.jsdelivr.net/gh/oimage/goc@main/ 31 KB
8 KB 35ms
34ms Stylesheet
text/css 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/oimage/goc@main/new.css

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d53eb58a19d355efa60e9af817b296beeee2758c1f6cdbf195b42e6a6491c4a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://email-godaddy-zwebmail.glitch.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 16:18:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-encoding: br
x-jsd-version: main
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230052-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"7b3a-51xzMQTLEMwdi78BZfzFGDLNums"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dL%2B6WQMb0PpJNaYcoJ1yyfkfe%2FjM7zxX667wsWx2UrFlP2iTY4xdH5yfUheTepFOUPy%2B%2FP2I2NP9C14SQ4WONy3S274Jjzlg2GU0kGLLer%2FZNnil83opqUTPV4KGpmS0jYgKqSiHAnmhEDR76p4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82c372880fcc9a05-FRA

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 8ms
8ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: http://email-godaddy-zwebmail.glitch.me/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sun, 26 Nov 2023 16:18:27 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 6213304
x-cache: HIT, HIT
content-length: 33202
x-served-by: cache-lga21922-LGA, cache-fra-eddf8230128-FRA
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1701015507.206971,VS0,VE0
etag: W/"28feccc0-1762a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 45, 156924

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: GoDaddy (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-1.11.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-1.11.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-1.11.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://cdn.jsdelivr.net/gh/conticons/go@main/go.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-1.11.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
email-godaddy-zwebmail.glitch.me
img6.wsimg.com
23.53.42.211
2606:4700::6810:5814
2a04:4e42:400::649
34.225.219.45
0e00420d6c8c27bdcfc5e0a98627c57e73b3e146f986427ac39dd9047c2c1826
2cef3bf6ee3a1b2453c003386edf6f3910d3bc5f2877b92293feb31630feb7a1
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
7e57ed63496f98e78eb0b722cb60b34fbb33dbb463c9dc905cc8b09890629e24
89e3135e8430b71c9470eebafc1bb498233cdde661240a03d3e864fb59a890be
90de56f7ac1245d3b02fb924b4131d97a4697e66696deedbc184c0066e76db46
d53eb58a19d355efa60e9af817b296beeee2758c1f6cdbf195b42e6a6491c4a3

email-godaddy-zwebmail.glitch.me Open in urlscan Pro 34.225.219.45 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

88 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

360 kBTransfer

1042 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

email-godaddy-zwebmail.glitch.me Open in urlscan Pro
34.225.219.45 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

88 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

360 kB
Transfer

1042 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!