Report - fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM

Report Overview

Submitted URL
fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM
IP
52.2.151.71
ASN
#14618 AMAZON-AES
Submitted
2023-11-26 07:44:09
Access
public
Website Title
Navy Federal Credit Union - Our Members are the Mission®
Final URL
fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code

Detections

urlquery
2
Network Intrusion Detection
8
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fine-panoramic-houseboat.glitch.me	unknown	unknown	No data	No data	518 B	2.9 MB	54.84.157.136
i.ibb.co	13485	2010-07-20	2018-11-25	2023-11-25	458 B	3.6 kB	162.19.58.156
l2.io	163527	2012-05-12	2015-06-25	2023-11-25	427 B	226 B	195.80.159.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-11-26 07:43:53	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-26 07:43:53	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-26 07:43:53	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-11-26 07:43:53	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-11-26 07:43:53	medium	Client IP	54.84.157.136	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing
2023-11-26 07:43:55	medium	Client IP	Internal IP	ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
2023-11-26 07:43:55	medium	Client IP	Internal IP	ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup)
2023-11-26 07:43:55	medium	Client IP	195.80.159.133	ET POLICY Observed IP Lookup Domain (l2 .io in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	unknown	403 B	2023-04-12	2024-07-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 19:11:47 Last Seen2024-07-22 00:37:47 Times Seen166 Hash 5d2648ad74b193d98207a4e83d9a1f94 b38359f3dbf1144fb8ffeb52beec983e05c7f3f4 f0688816dc29b83540a757623970914cd111d5cf62a13b952a19e0b7e0abef5c Loading...

	unknown	24 B	2023-04-14	2024-07-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-07-22 00:37:47 Times Seen149 Hash 91bd33e881a6688ae7da8750397dac52 6d0c0de1f8d985079283072f9513090acb05a8c1 5e3309457053ce2503865aba4d1ee7be808e44ba94032174834e53f4d34222b3 Loading...

	fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM	2.9 MB	2023-03-08	2024-01-09
Pretty URL fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM IP 54.84.157.136 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 15:28:20 Last Seen2024-01-09 04:52:40 Times Seen15 Hash 412be9c592e44854b6cf93e7da65bf0b 0cddc81c285f2d8851f8fd14df4d33729c3cc862 2ea74b7c62f3ae8a330bc2d840dfcdd0cd430bcc0f3984d894241daa48cef5c1 Loading...

	unknown	1.4 kB	2023-04-30	2024-01-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-30 18:48:30 Last Seen2024-01-09 04:52:40 Times Seen11 Hash 7576fe6c3667db3bde9d4977d4c34ee3 f9370ccdaefb1856f41b0e1a0d63b4870299f143 90c59035df9fa28dc3d21861a68aad6c8a789dad7e8ecd2ccc7f6c74537ed2bb Loading...

	l2.io/ip.js?var=userip	24 B	2023-03-07	2024-07-27
Pretty URL l2.io/ip.js?var=userip IP 195.80.159.133 ASN #29152 Decknet S.a.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-07-27 03:25:58 Times Seen1842 Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 Loading...

	unknown	81 B	2023-04-14	2024-07-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-07-22 00:37:47 Times Seen149 Hash f1986f6e942b9fd4d8e5f427725aaedd db4e78df8e28bf7e35b5c0806da193bf0c1b90b3 af1b5f1a1313c08c5037a63f9a6748a32ee7309378345d7d509dc5ae907dbf8a Loading...

	unknown	2.1 kB	2023-04-14	2024-07-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-07-22 00:37:47 Times Seen147 Hash c86ca5c0ee0957abc3ecf1ac2c16a7e4 acca8e74f96b6f4bf54d53150e73e79afa646aec 540b2d3244db065c3a48a0c20500211cb43fa366e49ba32de6b91972956a832d Loading...

	unknown	1.4 kB	2023-04-12	2024-07-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 19:11:47 Last Seen2024-07-18 11:21:23 Times Seen116 Hash 81c97ebd890afc77ff82d7c79beca854 cdf9e82fc2c184210c55dbdd09572ebfbb08667f b5f98fc6510547589808b6cc70d2ab8bf766369f84b01a9a9ded49682c5b9a64 Loading...

	unknown	1.1 kB	2023-04-12	2024-07-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 19:11:47 Last Seen2024-07-18 11:21:23 Times Seen92 Hash 9f982fda3140f4c73c12676d7058ace6 ed11bc6b7f5186835b756793fa858945f342f65d 5a711c57c47a9bb18c5a97a48209489a5b36ccb51ce7b561c1a566ef819c99e6 Loading...

	unknown	852 B	2023-04-14	2024-07-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-07-22 00:37:47 Times Seen149 Hash 9dceb192be2a6a42f1c8cb970822a65a 080e262a6354da1b65f5323c29fb8631274d54d6 0163580798d4f0e81b04f46aa5f0834b2d77160c58b3f77b29764bd51a1ccc14 Loading...

	unknown	1.9 kB	2023-04-12	2024-07-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 19:11:47 Last Seen2024-07-18 11:21:23 Times Seen116 Hash ee9e4a822f8b85bc8906362bbe98a8b3 5b9688ae6f30d94277474f02609b92f5341a54d3 b2e820470a68e0089be9d8a0d2c2d791bf72c4a6b6077d765e4b51fe417c8da0 Loading...

	unknown	1.2 kB	2023-04-14	2024-01-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:06 Last Seen2024-01-18 02:52:00 Times Seen73 Hash 982a7a809e74f20e0f21939763aa2681 e2da2e627fca4da8d2c8c1afaa5a7703b13b8291 5aff3f7cb0a49da2081b51067315bdbae6ee8bf86546d7525756d80ad034d211 Loading...

	unknown	1.3 kB	2023-04-12	2024-07-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 19:11:47 Last Seen2024-07-18 11:21:23 Times Seen114 Hash 7c019014fef43b5f4417056535a30d31 32f40351374ee91e1adeb1921d2f2acbb467c02f b4269160576c450214b445c8ff835fb26921d4f6a4120eb04c9157ddac6b853f Loading...

		Size	First Seen	Last Seen
	#1 Write - cda743c68899581f5588287426a54c36	953 kB	2023-03-08	2024-01-09
Pretty Observations First Seen2023-03-08 15:28:21 Last Seen2024-01-09 04:52:40 Times Seen16 Hash cda743c68899581f5588287426a54c36 21740706e8f8477c503e16ebc5135c572e4a5616 1af8a3d6c0a0df357be5c3aca1858ccb5f0302e3c574d717203e080e6f686728 Loading...

HTTP Transactions (3)

	URL	IP	Response	Size
	fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM	54.84.157.136	200 OK	2.9 MB
URL User Request GET HTTP/2 fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM IP 54.84.157.136:443 ASN #14618 AMAZON-AES Certificate IssuerAmazon Subjectglitch.com Fingerprint13:93:2D:E4:50:7E:CE:BA:BC:F9:6D:7E:86:7F:43:5D:8E:63:45:3E ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT File type HTML document text\012- exported SGML document, ASCII text, with very long lines (65489) Size 2.9 MB (2858168 bytes) Hash 1e9f2d1a78ff49e3b5fd054d6d09caf4 cfc0fcd2c604d38fb859c45e246c7b4e25e5b2ab 8becceb07ad5e406feac44600ca315297b6c69bda2a737503512bfc1489a7009 HTTP Headers GET /public/hkadhw.HTM HTTP/1.1 Host: fine-panoramic-houseboat.glitch.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK date: Sun, 26 Nov 2023 07:43:50 GMT content-type: text/html; charset=utf-8 content-length: 2858168 x-amz-id-2: Hy97DuN1iQwgU6qV27JEyHe2glzJklHqMjjiuOYukr8Q8eT+1BNzBSTqW+xqXXk5Xnu3kSzwTGg= x-amz-request-id: PQ4FJ2QBX1X7355K last-modified: Tue, 26 Sep 2023 13:20:56 GMT etag: "1e9f2d1a78ff49e3b5fd054d6d09caf4" x-amz-server-side-encryption: AES256 cache-control: no-cache x-amz-version-id: null accept-ranges: bytes server: AmazonS3 X-Firefox-Spdy: h2`

	i.ibb.co/RpLNy4f/ajax-loader.gif	162.19.58.156	200 OK	3.2 kB
URL GET HTTP/2 i.ibb.co/RpLNy4f/ajax-loader.gif IP 162.19.58.156:443 ASN #16276 OVH SAS Requested by https://fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM Certificate IssuerLet's Encrypt Subjectibb.co FingerprintCC:72:96:95:90:7F:15:8E:AC:C5:40:3A:D2:6F:83:A3:DF:5E:72:56 ValidityMon, 09 Oct 2023 14:39:49 GMT - Sun, 07 Jan 2024 14:39:48 GMT File type GIF image data, version 89a, 32 x 32\012- data Size 3.2 kB (3208 bytes) Hash be1cede97289c13920048f238fd37b85 313b867d11fc0dd6bc6ca47c334bbcf18956ca76 fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355 HTTP Headers `GET /RpLNy4f/ajax-loader.gif HTTP/1.1 Host: i.ibb.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://fine-panoramic-houseboat.glitch.me/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Sun, 26 Nov 2023 07:43:52 GMT content-type: image/gif content-length: 3208 last-modified: Tue, 02 Mar 2021 22:27:30 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * access-control-allow-methods: GET, OPTIONS accept-ranges: bytes X-Firefox-Spdy: h2`

	l2.io/ip.js?var=userip	195.80.159.133	200 OK	24 B
URL GET HTTP/1.1 l2.io/ip.js?var=userip IP 195.80.159.133:443 ASN #29152 Decknet S.a.r.l. Requested by https://fine-panoramic-houseboat.glitch.me/public/hkadhw.HTM Certificate IssuerLet's Encrypt Subjectl2.io Fingerprint65:49:ED:2D:E9:35:D9:26:3D:70:87:2B:4F:20:FF:14:56:55:52:B4 ValidityTue, 17 Oct 2023 07:33:55 GMT - Mon, 15 Jan 2024 07:33:54 GMT File type ASCII text, with no line terminators Size 24 B (24 bytes) Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 HTTP Headers `GET /ip.js?var=userip HTTP/1.1 Host: l2.io User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://fine-panoramic-houseboat.glitch.me/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Date: Sun, 26 Nov 2023 07:43:53 GMT Server: Apache/2.4.38 (Debian) Content-Length: 24 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8`

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations