elemental-lofty-acorn.glitch.me

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 35.175.8.217, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is elemental-lofty-acorn.glitch.me.

This is the only time elemental-lofty-acorn.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Office 365 (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	35.175.8.217 35.175.8.217	14618 (AMAZON-AES) (AMAZON-AES)
1	87.98.131.218 87.98.131.218	16276 (OVH) (OVH)
4	3

3 35.175.8.217 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-175-8-217.compute-1.amazonaws.com

elemental-lofty-acorn.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.98.131.218 (France)

ASN16276 (OVH, FR)
PTR: dns60.hndservers.net

kitab-markaz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	glitch.me elemental-lofty-acorn.glitch.me	99 KB
1	kitab-markaz.com kitab-markaz.com	360 B
4	2

	Domain	Requested by
3	elemental-lofty-acorn.glitch.me	elemental-lofty-acorn.glitch.me
1	kitab-markaz.com	elemental-lofty-acorn.glitch.me
4	2

This site contains no links.

Subject Issuer	Validity	Valid
kitab-markaz.com cPanel, Inc. Certification Authority	`2022-03-27` - `2022-06-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://elemental-lofty-acorn.glitch.me/
Frame ID: 840A941CD74CFE99B510714181726338
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Page Statistics

4
Requests

25 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

99 kB
Transfer

126 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response elemental-lofty-acorn.glitch.me/	6 KB 6 KB	243ms 136ms	Document text/html	35.175.8.217 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://elemental-lofty-acorn.glitch.me/ Protocol HTTP/1.1 Server 35.175.8.217 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-175-8-217.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `fa1117229fb32257d0c1081c8b4875e1919ba4cae3dd5d5487ec2d94afe1cbd0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Length 6040 Content-Type text/html; charset=utf-8 Date Fri, 10 Jun 2022 05:14:33 GMT accept-ranges bytes cache-control no-cache etag "875256a6f63e63a6dcff27e331661e66" last-modified Thu, 09 Jun 2022 21:25:45 GMT server AmazonS3 x-amz-id-2 KL3DT0q5HSrSNNgH7P/Qj8q/3gHrZDAZ2bOWwfQpxXDJFCl2dAxGz+iZoG6VrJkTn+hZ9MvozwA= x-amz-request-id K67EKB9D3P4M5ESD x-amz-version-id YsbTxrf.YTJQhf_2B7JW3q2RdpSuRJFP
GET H/1.1	200 OK	style.js Show response elemental-lofty-acorn.glitch.me/	33 KB 33 KB	194ms 194ms	Script application/javascript	35.175.8.217 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://elemental-lofty-acorn.glitch.me/style.js Requested by Host: elemental-lofty-acorn.glitch.me URL: http://elemental-lofty-acorn.glitch.me/ Protocol HTTP/1.1 Server 35.175.8.217 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-175-8-217.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `6acb8d18ae1e044398cee0c5416ac44286ed3dcddcbceacdc2f65ac137b3e05b` Request headers accept-language de-DE,de;q=0.9 Referer http://elemental-lofty-acorn.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Fri, 10 Jun 2022 05:14:33 GMT last-modified Thu, 09 Jun 2022 21:25:45 GMT server AmazonS3 x-amz-request-id K67AHGWWX6NYX9SP etag "1adf0e93054b0761ef9290c87f880203" Content-Type application/javascript; charset=utf-8 cache-control no-cache Content-Length 33753 Connection keep-alive accept-ranges bytes x-amz-version-id Nw8TxrWetNzTmDCPy_kWcJ6GvQi9ORHt x-amz-id-2 Mk8b1zr5paR50bV41PKxw4iEuuDknSknORBovT3K2hv/OgvuLml2TFHmGGSAAQ4iZb1sx7r9M7c=
GET H/1.1	200 OK	style.css elemental-lofty-acorn.glitch.me/	59 KB 59 KB	254ms 156ms	Stylesheet text/css	35.175.8.217 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://elemental-lofty-acorn.glitch.me/style.css Requested by Host: elemental-lofty-acorn.glitch.me URL: http://elemental-lofty-acorn.glitch.me/ Protocol HTTP/1.1 Server 35.175.8.217 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-35-175-8-217.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `abd513df21fd571023c67320eec8da3a0f6f9d25ab3b2d22ef84cd0bf90e5e42` Request headers accept-language de-DE,de;q=0.9 Referer http://elemental-lofty-acorn.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Date Fri, 10 Jun 2022 05:14:33 GMT last-modified Thu, 09 Jun 2022 21:25:45 GMT server AmazonS3 x-amz-request-id K67B67GAS4EFK9PY etag "0aa708140861a8b8592288794852716d" Content-Type text/css; charset=utf-8 cache-control no-cache Content-Length 60233 Connection keep-alive accept-ranges bytes x-amz-version-id mHEGBuT02OnwbXncfk.V9WI0IrcA79.u x-amz-id-2 xtO+RCWLQYhB8qOGXYnEbbEbrpBgG2aT7bjTqHGqF63z/sek7BQ4m9mwZXLvqadUSNParH77tYc=
POST H2	200	send.php Show response kitab-markaz.com/Gxp/VrQ1/	465 B 360 B	1783ms 1041ms	XHR text/html	87.98.131.218 OVH
General Check archive.org Show headers Download Go to Full URL https://kitab-markaz.com/Gxp/VrQ1/send.php Requested by Host: elemental-lofty-acorn.glitch.me URL: http://elemental-lofty-acorn.glitch.me/style.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 87.98.131.218 , France, ASN16276 (OVH, FR), Reverse DNS dns60.hndservers.net Software Apache / Resource Hash `e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44` Request headers Referer http://elemental-lofty-acorn.glitch.me/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers access-control-allow-origin * date Fri, 10 Jun 2022 05:14:34 GMT content-encoding gzip server Apache vary Accept-Encoding content-type text/html; charset=UTF-8
GET DATA	200 OK	truncated /	28 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36` Request headers accept-language de-DE,de;q=0.9 Referer http://elemental-lofty-acorn.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Office 365 (Online)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

elemental-lofty-acorn.glitch.me
kitab-markaz.com
35.175.8.217
87.98.131.218
6acb8d18ae1e044398cee0c5416ac44286ed3dcddcbceacdc2f65ac137b3e05b
8b4defd065d7ff9fbe6c45e74f2ada9660724d3c80db586bf3adb82dd0c37f36
abd513df21fd571023c67320eec8da3a0f6f9d25ab3b2d22ef84cd0bf90e5e42
e66d8f1437eaead687a5714763f5baa36c9955f8e3e02a7f344368b3f49b4e44
fa1117229fb32257d0c1081c8b4875e1919ba4cae3dd5d5487ec2d94afe1cbd0

elemental-lofty-acorn.glitch.me Open in urlscan Pro 35.175.8.217 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

4 Requests

25 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

99 kBTransfer

126 kBSize

0 Cookies

0 Outgoing links

Redirected requests

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

28 JavaScript Global Variables

0 Cookies

Indicators

elemental-lofty-acorn.glitch.me Open in urlscan Pro
35.175.8.217 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

4
Requests

25 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

99 kB
Transfer

126 kB
Size

0
Cookies

4 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!