Report - inodive.us/wp-includes/style/Z3NjaGludHVAcmVnaW9uZS5zYXJkZWduYS5pdA==

Report Overview

Visited public
2024-07-12 19:55:51
Tags
zimbra phishing microsoft outlook
URL
inodive.us/wp-includes/style/Z3NjaGludHVAcmVnaW9uZS5zYXJkZWduYS5pdA==
Finishing URL
thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it
IP / ASN
192.64.35.169
#22878 ASACENET1
Title
Zimbra Web Client Sign In
Phishing - Zimbra Web Client
Phishing - Microsoft Outlook

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-07-11 18:12:19	1.6 kB	4.4 kB	23.36.76.249
inodive.us	unknown	2009-02-26	2018-02-07 14:28:20	2022-05-24 09:50:51	523 B	512 B	192.64.35.169
thorn-gem-crawdad.glitch.me	unknown	unknown	No data	No data	1.0 kB	182 kB	23.22.57.238
wafsd.com	unknown	2023-09-07	2023-11-29 16:10:01	2024-04-17 23:18:22	1.8 kB	18 kB	195.35.33.215

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-07-12 19:55:26	medium	Client IP	23.22.57.238	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2024-07-12 19:55:26	low	Client IP	23.22.57.238	ET INFO Observed Online Application Hosting Domain (glitch .me in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	From	Size	First Seen	Last Seen
	thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it	ScriptElement	90 kB	2024-07-10	2024-09-28
Pretty URL thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-07-10 07:24 Last Seen2024-09-28 07:37 Times Seen176 Hash 6555fb132677deb6aef4a98d1da827cd b97e5501f4d3f71429e41ae5f8032053b3daa5ee 07af6465b20f1eb9cfb3f3f6c539a6803fdb93e3ea19887165e07b92cbcdb56a Loading...

	unknown	ScriptElement	534 B	2023-12-20	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-20 19:08 Last Seen2024-09-28 07:37 Times Seen233 Hash fdd64089b599623fef4e10c087041bcc 87d480062f938a83d979f5d14280e42a3d60c58c 6cf52fa82cf14fb235b41b4ddfd666316084c30745e9914e575237fca442750a Loading...

	unknown	ScriptElement	3.7 kB	2024-04-15	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 10:59 Last Seen2024-09-28 07:37 Times Seen204 Hash ef720b27c08846167e9caf5e69fc03f2 e6cac9b9a8a01cd3f43214842b41bb35d63d108e 4f38c71567fefde8b9fcf098c8c14c075821aae7c305402a237d88524095f383 Loading...

		Size	First Seen	Last Seen
	#1 Write - ef31bd8ad111f26750848947f70bd653	11 kB	2024-04-15 10:59	2024-09-28 07:37
Pretty Observations First Seen2024-04-15 10:59 Last Seen2024-09-28 07:37 Times Seen204 Hash ef31bd8ad111f26750848947f70bd653 7933731f127aad2f9b3b6fc723cd1b6f90f4675a f9d3de9342807fdde4963e8ae215ed7756fbc434b8ebff8b623343986561659c Loading...

HTTP Transactions (12)

URL IP Response Size

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
4a4d81b1c193182fe2b1122877e94203
fd1f4427cb5867a8f63ae15825279827bbf768e6
4cd1772d378248e886ee96f55d956ff0856ba3f2eae9f15a10136e68f450ca70

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4CD1772D378248E886EE96F55D956FF0856BA3F2EAE9F15A10136E68F450CA70"
Last-Modified: Fri, 12 Jul 2024 11:47:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10609
Expires: Fri, 12 Jul 2024 22:52:14 GMT
Date: Fri, 12 Jul 2024 19:55:25 GMT
Connection: keep-alive

inodive.us/wp-includes/style/Z3NjaGludHVAcmVnaW9uZS5zYXJkZWduYS5pdA==

192.64.35.169

128 B

URL
inodive.us/wp-includes/style/Z3NjaGludHVAcmVnaW9uZS5zYXJkZWduYS5pdA==
IP
192.64.35.169:0
ASN
#22878 ASACENET1

File type
HTML document, ASCII text
Size
128 B (128 bytes)
Hash
a7c2077b6a4764cb6c636b15755950ce
61e630f7387d7dc6b7ca100d4bf01ffe79853e66
17e650d5a52e5e2b68fb325f29b944d9c8b3700b026d10156055420a08d91141

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET /wp-includes/style/Z3NjaGludHVAcmVnaW9uZS5zYXJkZWduYS5pdA== HTTP/1.1
Host: inodive.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 12 Jul 2024 19:55:25 GMT
Server: Apache
X-Powered-By: PHP/7.4.33
Cache-Control: max-age=600
Expires: Fri, 12 Jul 2024 20:05:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
Content-Length: 128
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

thorn-gem-crawdad.glitch.me/

23.22.57.238

90 kB

URL
thorn-gem-crawdad.glitch.me/
IP
23.22.57.238:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (65463)
Size
90 kB (90289 bytes)
Hash
2c52dd43afc668cb01c059eba60de081
94c91aee3015bfe8bc01f7d3b81fcd2e2e3fe2b5
f7110b83534009af1c066d3b7e736668309e123d38a8595e89e1e89bfcada2c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: thorn-gem-crawdad.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://inodive.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jul 2024 19:55:26 GMT
content-type: text/html; charset=utf-8
content-length: 90289
x-amz-id-2: vihC+6GIf6Qopd+sDZlQt/VycilSphsPMVd2JFXgUluwQwJ0UkSBSchVLnAriW2Px2Q1iz3AKYs=
x-amz-request-id: 4GTJJEB71WAZ4FSR
last-modified: Thu, 11 Jul 2024 22:01:58 GMT
etag: "2c52dd43afc668cb01c059eba60de081"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: WjxbR7UMhb4wgv0_4ixRZ72g.bmenGtQ
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/styles.css

195.35.33.215

200 OK

12 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/styles.css
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
ASCII text
Size
12 kB (11747 bytes)
Hash
7e1450058910ad15aefc024fb6d754fe
436b7fe594a671decaaa869a6aa10df5da083d61
917a8961aebb812d1f697925bdffb7364988a248fb4a1b62f18ebf8ad4a5e98c

HTTP Headers

GET /app/zimbr/media/styles.css HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thorn-gem-crawdad.glitch.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 19 Jul 2024 19:55:27 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "10f1f-6567e0ff-564f574ba31d81a;br"
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 11747
date: Fri, 12 Jul 2024 19:55:27 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/ImgCritical_32.png

195.35.33.215

200 OK

1.8 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/ImgCritical_32.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Size
1.8 kB (1786 bytes)
Hash
d603a4564e6eaed3aa0d3968e370d3b2
539b8ec9f251b28e1bd0cff9d8992309ad61f442
dbe2ddb68a1551e50afee8edce02b19f9f86a0f43643fac32f66616bd10e30cb

HTTP Headers

GET /app/zimbr/media/ImgCritical_32.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thorn-gem-crawdad.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 19 Jul 2024 19:55:27 GMT
content-type: image/png
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "6fa-6567e0ff-6ce1f8c460996416;;;"
accept-ranges: bytes
content-length: 1786
date: Fri, 12 Jul 2024 19:55:27 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

wafsd.com/app/zimbr/media/LoginBanner_white.png

195.35.33.215

200 OK

3.3 kB

URL GET HTTP/2
wafsd.com/app/zimbr/media/LoginBanner_white.png
IP
195.35.33.215:443
ASN
#47583 Hostinger International Limited

Requested by
https://thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type
PNG image data, 163 x 36, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3299 bytes)
Hash
e04d149f1a5dec8a4b31e20e1f1413fb
44e9355e76474683c0f9ebd8c8150fffd30f9e9b
8db258b55ceabeb5c9c8bf41f59a2743c579cfcee58c34cacc945ad9c01d6ef1

HTTP Headers

GET /app/zimbr/media/LoginBanner_white.png HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wafsd.com/app/zimbr/media/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 19 Jul 2024 19:55:27 GMT
content-type: image/png
last-modified: Thu, 30 Nov 2023 01:10:23 GMT
etag: "ce3-6567e0ff-f186d7682c765f64;;;"
accept-ranges: bytes
content-length: 3299
date: Fri, 12 Jul 2024 19:55:27 GMT
server: LiteSpeed
platform: hostinger
content-security-policy: upgrade-insecure-requests
X-Firefox-Spdy: h2

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16130
Expires: Sat, 13 Jul 2024 00:24:17 GMT
Date: Fri, 12 Jul 2024 19:55:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16130
Expires: Sat, 13 Jul 2024 00:24:17 GMT
Date: Fri, 12 Jul 2024 19:55:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16130
Expires: Sat, 13 Jul 2024 00:24:17 GMT
Date: Fri, 12 Jul 2024 19:55:27 GMT
Connection: keep-alive

r10.o.lencr.org/

23.36.76.249

504 B

URL
r10.o.lencr.org/
IP
23.36.76.249:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
50e4489707989517510128817aedd2ea
36a54d7b34a9ac621715b569e5a870f62671c574
3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40"
Last-Modified: Wed, 10 Jul 2024 17:32:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16130
Expires: Sat, 13 Jul 2024 00:24:17 GMT
Date: Fri, 12 Jul 2024 19:55:27 GMT
Connection: keep-alive

wafsd.com/app/zimbr/media/zimbra.ico

0.0.0.0

0 B

URL GET
wafsd.com/app/zimbr/media/zimbra.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://thorn-gem-crawdad.glitch.me/#gschintu@regione.sardegna.it
Certificate
IssuerLet's Encrypt
Subjectwafsd.com
FingerprintB9:EC:1B:FD:8B:D8:A1:3A:D7:77:CE:15:EC:C2:FB:0F:D3:E1:41:72
ValiditySun, 16 Jun 2024 19:19:08 GMT - Sat, 14 Sep 2024 19:19:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /app/zimbr/media/zimbra.ico HTTP/1.1
Host: wafsd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://thorn-gem-crawdad.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

thorn-gem-crawdad.glitch.me/

23.22.57.238

200 OK

90 kB

URL User Request GET HTTP/2
thorn-gem-crawdad.glitch.me/
IP
23.22.57.238:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (65463)
Size
90 kB (90289 bytes)
Hash
2c52dd43afc668cb01c059eba60de081
94c91aee3015bfe8bc01f7d3b81fcd2e2e3fe2b5
f7110b83534009af1c066d3b7e736668309e123d38a8595e89e1e89bfcada2c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Zimbra Web Client
urlquery	phishing	Phishing - Microsoft Outlook

HTTP Headers

GET / HTTP/1.1
Host: thorn-gem-crawdad.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://inodive.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 12 Jul 2024 19:55:26 GMT
content-type: text/html; charset=utf-8
content-length: 90289
x-amz-id-2: vihC+6GIf6Qopd+sDZlQt/VycilSphsPMVd2JFXgUluwQwJ0UkSBSchVLnAriW2Px2Q1iz3AKYs=
x-amz-request-id: 4GTJJEB71WAZ4FSR
last-modified: Thu, 11 Jul 2024 22:01:58 GMT
etag: "2c52dd43afc668cb01c059eba60de081"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: WjxbR7UMhb4wgv0_4ixRZ72g.bmenGtQ
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (12)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash