Report - cobalt-sustaining-accelerator.glitch.me/zip.html

Report Overview

Visited public
2023-11-11 11:59:33
Tags
URL
cobalt-sustaining-accelerator.glitch.me/zip.html
Finishing URL
cobalt-sustaining-accelerator.glitch.me/zip.html
IP / ASN
18.233.215.199
#14618 AMAZON-AES
Title
info

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-11-11 10:06:29	457 B	3.5 kB	142.250.74.106
cobalt-sustaining-accelerator.glitch.me	unknown	2008-07-18	2023-11-10 20:44:32	2023-11-11 02:15:16	999 B	7.9 kB	54.236.174.139
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-11-11 11:49:28	585 B	20 kB	216.58.207.227
i.postimg.cc	23840	2016-06-11	2018-04-11 12:01:12	2023-11-11 05:17:05	452 B	5.3 kB	162.19.88.69

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-11 11:59:15	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-11 11:59:15	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-11 11:59:15	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-11 11:59:15	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-11 11:59:15	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-11 11:59:15	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-11 11:59:16	medium	Client IP	54.236.174.139	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2023-11-11 11:59:16	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-11-11 11:59:16	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-11-11 11:59:17	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-11 11:59:17	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-10	medium	cobalt-sustaining-accelerator.glitch.me/zip.html	Coinbase

PhishTank

Scan Date	Severity	Indicator	Alert
2023-11-11	medium	cobalt-sustaining-accelerator.glitch.me/zip.html	Coinbase

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

cobalt-sustaining-accelerator.glitch.me/zip.html

54.236.174.139

200 OK

3.6 kB

URL User Request GET HTTP/2
cobalt-sustaining-accelerator.glitch.me/zip.html
IP
54.236.174.139:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint13:93:2D:E4:50:7E:CE:BA:BC:F9:6D:7E:86:7F:43:5D:8E:63:45:3E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
3.6 kB (3645 bytes)
Hash
786756b9b263e1d2bfbdc45942bc6b50
103aab02b77d1ae3973527fcdbcf1d8d83a083d0
0db79d507869aa52773ab1a44c64e87bb0d2891fd66d5bc97be39bf0bdb062e0

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Coinbase
PhishTank	phishing	Coinbase

HTTP Headers

GET /zip.html HTTP/1.1
Host: cobalt-sustaining-accelerator.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 11 Nov 2023 11:59:16 GMT
content-type: text/html; charset=utf-8
content-length: 3645
x-amz-id-2: odiBcFYMyWdaPyxcBYVpdrURaUfEyksaNcHxkJ7ZpW8BR/K3MsvbmsfZA+NXwqGF8+5J8jzltrE=
x-amz-request-id: 6H60MEQE181WZN75
last-modified: Mon, 06 Nov 2023 15:08:25 GMT
etag: "786756b9b263e1d2bfbdc45942bc6b50"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: 1FUzUTVa_dCAr__i1F0VKmmkKYHGMuyH
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

216.58.207.227

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://cobalt-sustaining-accelerator.glitch.me/zip.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintEB:59:E9:F3:0F:CE:D8:1A:8C:BB:EE:7D:2E:B7:B8:39:73:7A:CE:28
ValidityMon, 16 Oct 2023 08:10:00 GMT - Mon, 08 Jan 2024 08:09:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18664, version 1.0\012- data
Size
19 kB (18664 bytes)
Hash
8d1c44b2bf75a4e6f1bd141f9a965f4f
1e5dfdb7ca5ee8e823f9f5787f84b18fbdc38434
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

HTTP Headers

GET /s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cobalt-sustaining-accelerator.glitch.me
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18664
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Nov 2023 05:14:09 GMT
expires: Wed, 06 Nov 2024 05:14:09 GMT
cache-control: public, max-age=31536000
age: 369907
last-modified: Thu, 14 Sep 2023 01:36:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

i.postimg.cc/zG3nVT0g/cb675.png

162.19.88.69

200 OK

5.0 kB

URL GET HTTP/2
i.postimg.cc/zG3nVT0g/cb675.png
IP
162.19.88.69:443
ASN
#16276 OVH SAS

Requested by
https://cobalt-sustaining-accelerator.glitch.me/zip.html
Certificate
IssuerLet's Encrypt
Subjectpostimg.cc
FingerprintA5:BC:82:6C:AF:0C:87:E6:4B:2F:B4:1A:26:A9:BB:4B:55:67:EA:1F
ValidityTue, 24 Oct 2023 07:31:42 GMT - Mon, 22 Jan 2024 07:31:41 GMT

File type
PNG image data, 455 x 111, 8-bit colormap, non-interlaced\012- data
Size
5.0 kB (4966 bytes)
Hash
2a1532e76ca86d27bae34bee7770c4b7
5f73a5e8ac448324d02bc6fc4af90d8a5c88733d
47f11b95f73135f7bc623be4083187d4d6343d17f9672214515576be46f81fdf

HTTP Headers

GET /zG3nVT0g/cb675.png HTTP/1.1
Host: i.postimg.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cobalt-sustaining-accelerator.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 11 Nov 2023 11:59:17 GMT
content-type: image/png
content-length: 4966
last-modified: Tue, 24 Oct 2023 01:26:10 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

cobalt-sustaining-accelerator.glitch.me/favicon.ico

54.236.174.139

404 Not Found

3.7 kB

URL GET HTTP/2
cobalt-sustaining-accelerator.glitch.me/favicon.ico
IP
54.236.174.139:443
ASN
#14618 AMAZON-AES

Requested by
https://cobalt-sustaining-accelerator.glitch.me/zip.html
Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint13:93:2D:E4:50:7E:CE:BA:BC:F9:6D:7E:86:7F:43:5D:8E:63:45:3E
ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
3.7 kB (3674 bytes)
Hash
ce0366d3c0ef2d5187efc621c5e7fb00
83f60d035e88968d24178360639a8ad6cc08dc26
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cobalt-sustaining-accelerator.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cobalt-sustaining-accelerator.glitch.me/zip.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 11 Nov 2023 11:59:17 GMT
content-length: 3674
cache-control: max-age=0
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans

142.250.74.106

200 OK

2.9 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://cobalt-sustaining-accelerator.glitch.me/zip.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintFA:D7:68:E4:12:7D:FE:22:87:DE:95:F1:1E:49:5A:49:FA:12:1E:B9
ValidityMon, 16 Oct 2023 08:10:01 GMT - Mon, 08 Jan 2024 08:10:00 GMT

File type
ASCII text, with very long lines (2967), with no line terminators
Size
2.9 kB (2895 bytes)
Hash
4e76b01dc618cbe0334ff1cf6998cc31
5fb4ff667edbbe6929e8f8fe657452703a08e0db
161cdfb1817d7d022db1c06020336329d00502dd11e4cee099f5d9075111c070

HTTP Headers

GET /css?family=Open+Sans HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cobalt-sustaining-accelerator.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 11 Nov 2023 11:59:16 GMT
date: Sat, 11 Nov 2023 11:59:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers