brawny-heady-marshmallow.glitch.me
Open in
urlscan Pro
52.203.115.64
Malicious Activity!
Public Scan
Effective URL: https://brawny-heady-marshmallow.glitch.me/ghtvb.html
Submission: On February 21 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Amazon on January 2nd 2023. Valid for: a year.
This is the only time brawny-heady-marshmallow.glitch.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: 1&1 Ionos (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 52.203.115.64 52.203.115.64 | 14618 (AMAZON-AES) (AMAZON-AES) | |
8 | 198.54.116.150 198.54.116.150 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
5 | 213.165.66.58 213.165.66.58 | 8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS) | |
1 1 | 2a06:98c1:312... 2a06:98c1:3121::c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 151.101.193.91 151.101.193.91 | 54113 (FASTLY) (FASTLY) | |
1 1 | 52.84.106.55 52.84.106.55 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 18.66.97.45 18.66.97.45 | 16509 (AMAZON-02) (AMAZON-02) | |
17 | 6 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-203-115-64.compute-1.amazonaws.com
brawny-heady-marshmallow.glitch.me |
ASN22612 (NAMECHEAP-NET, US)
PTR: server210-5.web-hosting.com
appmedia.host |
ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: ce1.uicdn.net
ce1.uicdn.net |
ASN16509 (AMAZON-02, US)
PTR: server-52-84-106-55.bud50.r.cloudfront.net
cdn.glitch.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-45.fra56.r.cloudfront.net
cdn.glitch.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
appmedia.host
appmedia.host |
72 KB |
5 |
uicdn.net
ce1.uicdn.net — Cisco Umbrella Rank: 112445 |
258 KB |
3 |
glitch.me
brawny-heady-marshmallow.glitch.me cdn.glitch.me — Cisco Umbrella Rank: 100931 |
208 KB |
2 |
typenetwork.com
1 redirects
cloud.typenetwork.com — Cisco Umbrella Rank: 24234 |
2 KB |
1 |
glitch.com
1 redirects
cdn.glitch.com — Cisco Umbrella Rank: 110972 |
461 B |
1 |
webtype.com
1 redirects
cloud.webtype.com — Cisco Umbrella Rank: 57715 |
511 B |
17 | 6 |
Domain | Requested by | |
---|---|---|
8 | appmedia.host |
brawny-heady-marshmallow.glitch.me
|
5 | ce1.uicdn.net |
appmedia.host
|
2 | cloud.typenetwork.com |
1 redirects
brawny-heady-marshmallow.glitch.me
|
2 | brawny-heady-marshmallow.glitch.me |
appmedia.host
|
1 | cdn.glitch.me |
brawny-heady-marshmallow.glitch.me
|
1 | cdn.glitch.com | 1 redirects |
1 | cloud.webtype.com | 1 redirects |
17 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ionos.co.uk |
contact.ionos.co.uk |
ias.ionos.co.uk |
my.ionos.co.uk |
hidrive.ionos.com |
archive.ionos.co.uk |
www.ionos-status.co.uk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon |
2023-01-02 - 2024-02-01 |
a year | crt.sh |
appmedia.host Sectigo RSA Domain Validation Secure Server CA |
2022-11-20 - 2023-11-20 |
a year | crt.sh |
ce1.uicdn.net GeoTrust RSA CA 2018 |
2022-03-01 - 2023-03-10 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://brawny-heady-marshmallow.glitch.me/ghtvb.html
Frame ID: 0A17D8B21E14F417DC30E64BBF5D3926
Requests: 15 HTTP requests in this frame
Frame:
https://brawny-heady-marshmallow.glitch.me/robots.txt
Frame ID: 1F3BD76CA7A4D70D0FAC1C0DB6AA1326
Requests: 3 HTTP requests in this frame
17 Outgoing links
These are links going to different origins than the main page.
Title: Webmail
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Forgot your password?
Search URL Search Domain Scan URL
Title: Remember me
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: iOS
Search URL Search Domain Scan URL
Title: Android
Search URL Search Domain Scan URL
Title: Thunderbird
Search URL Search Domain Scan URL
Title: Outlook
Search URL Search Domain Scan URL
Title: Apple Mail
Search URL Search Domain Scan URL
Title: email programs (POP/IMAP)
Search URL Search Domain Scan URL
Title: My IONOS
Search URL Search Domain Scan URL
Title: HiDrive
Search URL Search Domain Scan URL
Title: Email archiving
Search URL Search Domain Scan URL
Title: All Systems Operational
Search URL Search Domain Scan URL
Title: 1&1 IONOS Ltd. • 2020
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
- https://cloud.typenetwork.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css HTTP 301
- https://cloud.typenetwork.com/projects/5027/fontface.css/
- https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1595481653593 HTTP 301
- https://cdn.glitch.me/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
ghtvb.html
brawny-heady-marshmallow.glitch.me/ |
37 KB 37 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionos.min.css
appmedia.host/app/ionos/media/css/ |
167 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login.min.css
appmedia.host/app/ionos/media/css/ |
15 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
navigation.css
appmedia.host/app/ionos/media/css/ |
128 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inpagelayer.css
appmedia.host/app/ionos/media/css/ |
25 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
statuspage.css
appmedia.host/app/ionos/media/css/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
helpers.js
appmedia.host/app/ionos/media/js/ |
12 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.js
appmedia.host/app/ionos/media/js/ |
1 KB 644 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
robots.txt
brawny-heady-marshmallow.glitch.me/ Frame 1F3B |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mail-archiving-de-warning-promo.svg
appmedia.host/app/ionos/media/images/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 63 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
320 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
exos-icon-font.woff
ce1.uicdn.net/exos/icons/ |
50 KB 50 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-regular.woff
ce1.uicdn.net/exos/fonts/overpass/ |
42 KB 42 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-bold.woff
ce1.uicdn.net/exos/fonts/open-sans/ |
62 KB 62 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
overpass-bold.woff
ce1.uicdn.net/exos/fonts/overpass/ |
41 KB 41 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
cloud.typenetwork.com/projects/5027/fontface.css/ Frame 1F3B Redirect Chain
|
889 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png
cdn.glitch.me/ Frame 1F3B Redirect Chain
|
166 KB 167 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: 1&1 Ionos (Telecommunication)36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| oncontentvisibilityautostatechange string| LIB_phrase string| LIB_view string| ____media string| ____b string| ____rdr object| d object| s object| isMobile function| validateEmail function| getUrlParameter function| dDOM object| Base64 function| getHashParameters function| getParameters function| initApp number| LIB_submitTrial function| loginUser function| trueLoginUser function| sendPost function| sendGet function| bindXhr function| bindElements number| c2 number| c1 number| c3 object| LIB_submitButton object| LIB_userInput object| LIB_pwdInput object| LIB_form object| LIB_spinner function| LIB_onLoginFail function| LIB_beforeSend function| LIB_onComplete0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
appmedia.host
brawny-heady-marshmallow.glitch.me
cdn.glitch.com
cdn.glitch.me
ce1.uicdn.net
cloud.typenetwork.com
cloud.webtype.com
151.101.193.91
18.66.97.45
198.54.116.150
213.165.66.58
2a06:98c1:3121::c
52.203.115.64
52.84.106.55
22906a0f005949f275550013b9308673372a120f6c5e49145ac520658114f158
295d52c2f31e06944ddf0e866fdbfc975a6e6717cdd3f564c4a1bcd11c22c494
2e1587380141daff4e10a8e3db8f7ae5887102ab7576bff43049590f637ac20b
35538b399f40d6db114f64b970fb8a612d88d833906f95f4cb8675c0277ecfb3
39636ae7f7de3deacfe55d573d85d1bb5c349440065b16e573e5e3c62a0e3fb6
4a92310d05c0276d2aaba910a3450647c6f597733b8ff7224ca2be93e78501d6
596cd10acc4af96e2f9fb8cef4826a5846f34b6d210b5b94b249b21f8a18ef9d
7afccd9150b0fcbf1a1056e6cc6051c9b6d85a55da7bf1a7fb0f475c0b22facc
7d7a1a8ec55f31a6674fd2e2c41bcc6421a9aeb5cf161c6e93363f31347160f9
85180de67a6fac2085fa7d2d06cb3d1ee7e9458af3eba007e1cb24625d0b4bcc
8a315a59d6f6c9a70132f3c7b6b1bd8d6b684373fa0fb0f4b7d1c7db0e4bcbe3
9d27c279b8aef5083f4720d71b79ba18519d3f924955d7338932a5252555b669
a2324d78fa23878b6ad03de16af33e37576a1b76e1d722c3822f8099ea17f9c0
aeda36f7a011da97dc2919e378d1c088ba32e16dfcc7703e0be720746c9ee8e2
bee63f1be6f9ef344c10d19904b6a3c4dc2037e21c422e168ed17089f85a0d94
c8e1724edab4d29c68d698c71f04db98774a5ba4fb432e4d37bfb0beecdac987
d78e7ad4838a9fb4db11451b1db78ccd0b0c7b28f5787684ce2870918ce27bb5
f6fbbd2d1d1f778b41193cd8aaae3c6dca6a6071d429d1f87a005370e958511e