Report - flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html

Report Overview

Submitted URL
flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html
IP
44.214.198.122
ASN
#14618 AMAZON-AES
Submitted
2024-04-24 17:41:55
Access
public
Website Title
Navy Federal Credit Union - Our Members are the Mission®
Final URL
flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html
Tags
phishing
urlquery detections
Phishing - Generic phishing

Detections

urlquery
2
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
i.ibb.co	13485	2010-07-20	2018-11-25	2024-04-24	444 B	3.6 kB	162.19.58.156
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-23	512 B	6.5 kB	35.244.181.201
flame-quartz-arthropod.glitch.me	unknown	unknown	No data	No data	531 B	2.9 MB	44.214.198.122
l2.io	163527	2012-05-12	2015-06-25	2024-04-18	413 B	226 B	195.80.159.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-23	medium	flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html	Navy Federal Credit Union

PhishTank

Scan Date	Severity	Indicator	Alert
2024-04-24	medium	flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html	Navy Federal Credit Union

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	unknown	2.1 kB	2023-05-02	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-02 13:46:36 Last Seen2024-04-27 19:20:20 Times Seen41 Hash 22a12a3b557763175102dfe4a61a3831 46e3831f7a726d80653e368268d22c871addf7b8 0239551037950476c8ab8fd1d6a70dddb04420df93f24f94287f3fc22184a7ff Loading...

	unknown	1.4 kB	2024-03-10	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-10 05:08:25 Last Seen2024-04-27 19:20:20 Times Seen20 Hash a6485df25522e734ece89d44f5192182 84831676aad0749f214b8a271350b88f41d682b0 4901003a94c7d66dfd9423113b1b6476e1ddcb929214e1a88bee81a60399f70d Loading...

	unknown	1.2 kB	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:54 Last Seen2024-04-27 19:20:20 Times Seen22 Hash 451082112adbcaa0f96d0ccf6159d236 ac75db5f33a3d2568e09838bb5fc06339a788250 ff2ab4ef0722ae11ee994a11dcb62642f157b26ce3bb53c27cd31345d728a09e Loading...

	unknown	1.9 kB	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:54 Last Seen2024-04-27 19:20:20 Times Seen22 Hash d7caee8b8ed100a471a6991b4938dbe9 04c3d13165bbd7c98cc820f09a94766d7b7d81db 9a78b4a100bfc196b36d5f0968d7ae3fce5d9ef57ebfd1c790b86261ccef493f Loading...

	unknown	1.3 kB	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:54 Last Seen2024-04-27 19:20:20 Times Seen22 Hash 6b63d78a580e25493d0ac3df562c66a7 640709466d9d8b6fc0ff2f7aaca5a9d8f70cb04b 41f78f83acf80ebba7fe4f3095f16c40c9f3d79b9b748b75cdcf2a6710f711e5 Loading...

	unknown	406 B	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:53 Last Seen2024-04-27 19:20:20 Times Seen22 Hash 536030d53c48e239dc07f2669fa875ca 067ee8ffcc57162eb71e4b5ae8e217288f97f359 4953ef19ae5643a8b4d96cc0878117e89c71618e677bb893325d757f3afb1c14 Loading...

	unknown	1.4 kB	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:54 Last Seen2024-04-27 19:20:20 Times Seen22 Hash d88d964b75ef877ec3142869afbb3b20 177ad6cd2f4fd2c5c28442d240eec0726eda7159 50c872bd6951f719d8b58b50b083d39eb29c38843da43a92a8926ede7468f8dd Loading...

	unknown	1.1 kB	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:53 Last Seen2024-04-27 19:20:20 Times Seen22 Hash 41d10cf78fea5079a9f556ce64c85c2c b21b49bc0c046a00f2ada8c760bd99430cb4ae51 3c4f915c6554c7337e27cede5f431d039796aa5d3cc38bdb4af2a256dda4887c Loading...

	unknown	27 B	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:53 Last Seen2024-04-27 19:20:20 Times Seen22 Hash d70811f801c18a02a8a45e0a2fb8e285 65c94cf370752cafcd2fa13d7858a8dcaaf1913d e5164c0bc961b6736f683f0b8b3342f8078a40847386c53855928a023d67398b Loading...

	unknown	855 B	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:54 Last Seen2024-04-27 19:20:20 Times Seen22 Hash f0b4c83f13555111fd941ae49c51ba9c 33e6efdbfd77dc5f21fbf7fff104ee3c945c0d7c 3459ff87dc78660cfdb5f099a285621181f52214dc3addfe202dd943859cd625 Loading...

	flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html	2.9 MB	2024-03-10	2024-04-27
Pretty URL flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html IP 44.214.198.122 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-10 05:08:26 Last Seen2024-04-27 19:20:20 Times Seen20 Hash 08f46cf3a7b0f8d955b32bc5a0dd1dae 05e7342048b7430dc7f1d96734254c3f4f9118c2 d2bb5aabb5c895301745ee0b9b066d3bd366e9cc2c0e236ea4dab91b2a2ba498 Loading...

	l2.io/ip.js?var=userip	24 B	2023-03-07	2024-05-05
Pretty URL l2.io/ip.js?var=userip IP 195.80.159.133 ASN #29152 Decknet S.a.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-05-05 15:53:33 Times Seen1583 Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 Loading...

	unknown	84 B	2024-02-28	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-28 14:08:53 Last Seen2024-04-27 19:20:20 Times Seen22 Hash 5045f30f13b12972406a3b4d3e37c2d1 d90a1d1c9a4de48ca9e2b71817bb08d3028057a4 eb57a08633e2e4b6d6695a29bdac5509af27656adceb164d76c82670809bfb85 Loading...

		Size	First Seen	Last Seen
	#1 Write - f44ec0214db6981e82a4c9e47a43340f	953 kB	2024-03-10	2024-04-27
Pretty Observations First Seen2024-03-10 05:08:26 Last Seen2024-04-27 19:20:20 Times Seen15 Hash f44ec0214db6981e82a4c9e47a43340f 5ba100f762b5ec90202cd57a099cd7d47d807c47 87522589cae3dbd8d327c9d58ef5d907d64dd684e4d78fec4f978c94687c0459 Loading...

HTTP Transactions (4)

URL IP Response Size

flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html

44.214.198.122

200 OK

2.9 MB

URL User Request GET HTTP/2
flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html
IP
44.214.198.122:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (65465)
Size
2.9 MB (2858136 bytes)
Hash
2bb84e5533d51ed479a68bb2b0db1085
7f24c6cc194ab6688ec6f51d4ca58c15ef67e180
6e503b97ef77a2d10686d4768af7f7d9ab542c83f381f8643c63d9763600aa76

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Navy Federal Credit Union
PhishTank	phishing	Navy Federal Credit Union

HTTP Headers

GET /public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html HTTP/1.1
Host: flame-quartz-arthropod.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 24 Apr 2024 17:41:29 GMT
content-type: text/html; charset=utf-8
content-length: 2858136
x-amz-id-2: C3RY+rhRT0XKmcorsHlyRV+fMVWmcxIDCFuzU26L8Y+JQIYv3daABnAGMNSgDGaFcarKh35hdwI=
x-amz-request-id: 6ZD5M0N132BXG82X
last-modified: Mon, 22 Apr 2024 16:51:05 GMT
etag: "2bb84e5533d51ed479a68bb2b0db1085"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

l2.io/ip.js?var=userip

195.80.159.133

200 OK

24 B

URL GET HTTP/1.1
l2.io/ip.js?var=userip
IP
195.80.159.133:443
ASN
#29152 Decknet S.a.r.l.

Requested by
https://flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html
Certificate
IssuerLet's Encrypt
Subjectl2.io
Fingerprint1D:F0:67:A9:3B:A0:37:E5:4C:88:AD:B8:EA:EE:A3:BB:A1:84:53:A7
ValidityTue, 05 Mar 2024 09:52:38 GMT - Mon, 03 Jun 2024 09:52:37 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
f9dc91b3feea65bd389a2f5b57306c32
147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e
d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77

HTTP Headers

GET /ip.js?var=userip HTTP/1.1
Host: l2.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flame-quartz-arthropod.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 24 Apr 2024 17:41:31 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 24
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

i.ibb.co/RpLNy4f/ajax-loader.gif

162.19.58.156

200 OK

3.2 kB

URL GET HTTP/2
i.ibb.co/RpLNy4f/ajax-loader.gif
IP
162.19.58.156:443
ASN
#16276 OVH SAS

Requested by
https://flame-quartz-arthropod.glitch.me/public/NF6ZYO3U0ETRC6UIA5BRREAKTD8CH9OE.html
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint0C:8B:6F:2F:B8:9F:91:1E:3A:DD:B1:1B:45:47:B4:65:FD:56:73:3D
ValidityMon, 22 Apr 2024 06:29:44 GMT - Sun, 21 Jul 2024 06:29:43 GMT

File type
GIF image data, version 89a, 32 x 32
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

HTTP Headers

GET /RpLNy4f/ajax-loader.gif HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://flame-quartz-arthropod.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:41:31 GMT
content-type: image/gif
content-length: 3208
last-modified: Tue, 02 Mar 2021 22:27:30 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
gzip compressed data, max speed, from Unix
Size
5.8 kB (5759 bytes)
Hash
aa33725c2d0a3d1c2f9c878d64914807
6e83d13ec860384a977738b04ff0891a01ab519a
fe412eadb3dc9820ec6cab7cb62349be057c509e34f7e2de6d23b28eacc98bfd

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 17:41:48 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=SCP_Yd-mis9E6NSVXjxjsluI7XznnLqAyofxLkDtzN7XN6ZJZi5P_ohoObrlXH8f0-A4q4_yXPd9fiFxb7hNtiC2ddQr4BZHI7_ayTkmHc_ScAeOkuC6rcMZafWyj1bK
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash