chestnut-curse-hedgehog.glitch.me
Open in
urlscan Pro
52.22.118.126
Malicious Activity!
Public Scan
Effective URL: https://chestnut-curse-hedgehog.glitch.me/rmd.html
Submission: On March 26 via manual from US
Summary
TLS certificate: Issued by Amazon on January 18th 2021. Valid for: a year.
This is the only time chestnut-curse-hedgehog.glitch.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.22.118.126 52.22.118.126 | 14618 (AMAZON-AES) (AMAZON-AES) | |
2 10 | 192.64.116.248 192.64.116.248 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::200a | 15169 (GOOGLE) (GOOGLE) | |
10 | 3 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-118-126.compute-1.amazonaws.com
chestnut-curse-hedgehog.glitch.me |
ASN22612 (NAMECHEAP-NET, US)
PTR: svr.dkssvr1.host
offiiccework.eloden.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
eloden.xyz
2 redirects
offiiccework.eloden.xyz |
143 KB |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
1 |
glitch.me
chestnut-curse-hedgehog.glitch.me |
7 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
10 | offiiccework.eloden.xyz |
2 redirects
chestnut-curse-hedgehog.glitch.me
offiiccework.eloden.xyz |
1 | ajax.googleapis.com |
offiiccework.eloden.xyz
|
1 | chestnut-curse-hedgehog.glitch.me | |
10 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon |
2021-01-18 - 2022-02-15 |
a year | crt.sh |
www.offiiccework.eloden.xyz R3 |
2021-03-25 - 2021-06-23 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-03-11 - 2021-06-03 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://chestnut-curse-hedgehog.glitch.me/rmd.html
Frame ID: C7E73DF9B3C166B2D244B85926941B17
Requests: 1 HTTP requests in this frame
Frame:
https://offiiccework.eloden.xyz/tempfile/77851072d8/login.php?SesIN=cbe7e04fce47ca2532d0e36b1a5f2dcd&f=77851072d8&session=1616776245
Frame ID: A66A609D9393F412738FADD568BBE7D8
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://offiiccework.eloden.xyz/ HTTP 302
- https://offiiccework.eloden.xyz/tempfile/77851072d8/ HTTP 302
- https://offiiccework.eloden.xyz/tempfile/77851072d8/login.php?SesIN=cbe7e04fce47ca2532d0e36b1a5f2dcd&f=77851072d8&session=1616776245
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
rmd.html
chestnut-curse-hedgehog.glitch.me/ |
6 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.php
offiiccework.eloden.xyz/tempfile/77851072d8/ Frame A66A Redirect Chain
|
29 KB 29 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
converged.v2.login.min.css
offiiccework.eloden.xyz/tempfile/77851072d8/assets/ Frame A66A |
101 KB 102 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
offiiccework.eloden.xyz/tempfile/77851072d8/assets/ Frame A66A |
4 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow_left.svg
offiiccework.eloden.xyz/tempfile/77851072d8/assets/ Frame A66A |
513 B 821 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ellipsis.svg
offiiccework.eloden.xyz/tempfile/77851072d8/assets/ Frame A66A |
900 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ellipsis_grey.svg
offiiccework.eloden.xyz/tempfile/77851072d8/assets/ Frame A66A |
915 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
postscript.js
offiiccework.eloden.xyz/tempfile/77851072d8/assets/ Frame A66A |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ Frame A66A |
87 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.svg"
offiiccework.eloden.xyz/tempfile/77851072d8/"assets/ Frame A66A |
251 B 251 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| s string| m function| makeid0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
chestnut-curse-hedgehog.glitch.me
offiiccework.eloden.xyz
192.64.116.248
2a00:1450:4001:809::200a
52.22.118.126
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
240bb5985236408eac021d69adfe0ab7674a17cd4833813f9f8ca9ce00de1e5e
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
475d1c26b7cbd089af72df2f8fa6fbcb154dd37f8426a211c65e0e9edb88d0a7
5d126cd9f0f7871edbbb4b74d9ae1998c510c66c23424aad41f1597c3b7cac0e
61d7ccc5d2c41bf86be6cefb0063405067849ba64e9f219f60596ef09a54a942
b861bc3f7e41c969f1f479b43f7b11323d8644def41ddbaa2010418e07f7e462
c74585444c6b19a3c5a5a8fed1371c9679e1c20965e88078bc7cd7597aab95b6
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d