Report - wonderful-simple-action.glitch.me/public/nf00.HTM

Report Overview

Submitted URL
wonderful-simple-action.glitch.me/public/nf00.HTM
IP
44.210.222.25
ASN
#14618 AMAZON-AES
Submitted
2024-04-17 04:40:31
Access
public
Website Title
Navy Federal Credit Union - Our Members are the Mission®
Final URL
wonderful-simple-action.glitch.me/public/nf00.HTM
Tags
phishing suspicious
urlquery detections
Phishing - Generic phishing
Suspicious - Suspicious Javascript code

Detections

urlquery
6
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
wonderful-simple-action.glitch.me	unknown	unknown	No data	No data	503 B	2.9 MB	52.21.72.108
i.ibb.co	13485	2010-07-20	2018-11-25	2024-04-16	445 B	3.6 kB	162.19.58.161
l2.io	163527	2012-05-12	2015-06-25	2024-04-11	414 B	226 B	195.80.159.133
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-04-16	338 B	942 B	143.204.53.97

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-16	medium	wonderful-simple-action.glitch.me/public/nf00.HTM	Navy Federal Credit Union

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	unknown	852 B	2023-04-14	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-04-29 17:41:50 Times Seen144 Hash 9dceb192be2a6a42f1c8cb970822a65a 080e262a6354da1b65f5323c29fb8631274d54d6 0163580798d4f0e81b04f46aa5f0834b2d77160c58b3f77b29764bd51a1ccc14 Loading...

	unknown	1.7 kB	2023-09-27	2024-04-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 14:00:15 Last Seen2024-04-28 17:52:24 Times Seen22 Hash c571d7a5732465aa049602da77140b23 1cbc41fb6ea52d119e40e58e0aa8a6743f35447a 2950c0570f3752012f8d9675e96d4cd379b9b126182e395547558d9b878ac0d7 Loading...

	unknown	1.2 kB	2023-09-27	2024-04-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 14:00:15 Last Seen2024-04-28 17:52:24 Times Seen22 Hash 9b3a39cffa7453bee0f679ce683b4c6d 1a75109a2572b43f53e85ff00bf460aeb455974e 74882bd463169105d8377e9fe5b724a72550f817fe8230e94820b6a1d913651f Loading...

	l2.io/ip.js?var=userip	24 B	2023-03-07	2024-04-30
Pretty URL l2.io/ip.js?var=userip IP 195.80.159.133 ASN #29152 Decknet S.a.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-04-30 01:48:46 Times Seen1573 Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 Loading...

	unknown	24 B	2023-04-14	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-04-29 17:41:50 Times Seen144 Hash 91bd33e881a6688ae7da8750397dac52 6d0c0de1f8d985079283072f9513090acb05a8c1 5e3309457053ce2503865aba4d1ee7be808e44ba94032174834e53f4d34222b3 Loading...

	unknown	2.1 kB	2023-04-14	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-04-29 17:41:50 Times Seen142 Hash c86ca5c0ee0957abc3ecf1ac2c16a7e4 acca8e74f96b6f4bf54d53150e73e79afa646aec 540b2d3244db065c3a48a0c20500211cb43fa366e49ba32de6b91972956a832d Loading...

	unknown	1.4 kB	2024-04-15	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-15 05:36:22 Last Seen2024-04-25 18:13:05 Times Seen4 Hash 5fe3d38d06178116d839ad7c31268086 3f1b767b203cfb8443bfeb840e83b4dbcfd27135 594b3420589b64dfdc65b2a5d1607eda33bf080bd496d302b0a0f57be806bca7 Loading...

	unknown	403 B	2023-04-12	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-12 19:11:47 Last Seen2024-04-29 17:41:49 Times Seen157 Hash 5d2648ad74b193d98207a4e83d9a1f94 b38359f3dbf1144fb8ffeb52beec983e05c7f3f4 f0688816dc29b83540a757623970914cd111d5cf62a13b952a19e0b7e0abef5c Loading...

	unknown	1.4 kB	2023-09-27	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 14:00:15 Last Seen2024-04-29 17:41:50 Times Seen23 Hash b7603cb1be6d768990c6afa9084838df 0fb26df815d4e4ccabfcb72711a947f365942dbb 4d74197a8d5decfaa81081e662009b8fccd640bc6e3228df8cda338415c0a6c9 Loading...

	unknown	1.3 kB	2024-04-10	2024-04-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-10 18:53:55 Last Seen2024-04-28 17:52:24 Times Seen7 Hash df3330fe78423604937c7f2d41517bf8 3150b7004222f4553df5c5e2ede17dc0ecf896bf dd43afb57f444afd58653df9a970ac8303b547e347d838eca942dfc369dd1828 Loading...

	unknown	1.1 kB	2023-09-27	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-27 14:00:15 Last Seen2024-04-29 17:41:50 Times Seen23 Hash e82dbeb9a230af9495009a25b01759ca da07128f588ec84851198bf1c46959090ed91a71 a9116a17aa09f2fde3850e193b59f7da6802d93d94da5c74e92a7c5bd55aede5 Loading...

	wonderful-simple-action.glitch.me/public/nf00.HTM	2.9 MB	2024-04-15	2024-04-25
Pretty URL wonderful-simple-action.glitch.me/public/nf00.HTM IP 52.21.72.108 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-15 05:36:22 Last Seen2024-04-25 18:13:05 Times Seen4 Hash bab4b73f3af0231335cf77e8f20992a3 335aa6a9591b2b96903b015b13c68a4b3d7e60c9 26de55d202445d9dc820ba776da1b567bc99191a3f05820bbfedb0ca45e80a60 Loading...

	unknown	81 B	2023-04-14	2024-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-14 09:29:07 Last Seen2024-04-29 17:41:50 Times Seen144 Hash f1986f6e942b9fd4d8e5f427725aaedd db4e78df8e28bf7e35b5c0806da193bf0c1b90b3 af1b5f1a1313c08c5037a63f9a6748a32ee7309378345d7d509dc5ae907dbf8a Loading...

		Size	First Seen	Last Seen
	#1 Write - 6194555a73c27a85eab607045ed9e8e4	953 kB	2024-04-17	2024-04-17
Pretty Observations First Seen2024-04-17 06:40:38 Last Seen2024-04-17 06:40:38 Times Seen1 Hash 6194555a73c27a85eab607045ed9e8e4 7c9a8a9dcba20e2d066493d3b17d9392ab3677a1 16932d4d37520c51cc9faa1d78612f25a045918f2131880c1c08c5a04f0f8ed6 Loading...

HTTP Transactions (4)

URL IP Response Size

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d2a465dba049fdb317be90b8cbe4ad9c
fd073c04bf00f15ab0fadeb96c9efb486a9413b6
fcd0e26b497e68a6a5b97868018d473bba4e7ae560f0d15c227e203e249e261d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Wed, 17 Apr 2024 04:40:04 GMT
Last-Modified: Wed, 17 Apr 2024 03:33:36 GMT
Server: ECAcc (ska/F7AF)
X-Cache: Miss from cloudfront
Via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CtLVNwwz_6k4V5WHLyKnjF8i77PwkkP9S5lUA-0z5ZnAJn-tWcJGvA==
Age: 3988

wonderful-simple-action.glitch.me/public/nf00.HTM

52.21.72.108

200 OK

2.9 MB

URL User Request GET HTTP/2
wonderful-simple-action.glitch.me/public/nf00.HTM
IP
52.21.72.108:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (65490)
Size
2.9 MB (2858975 bytes)
Hash
4e021140233603106f198a66ec9b8027
8ed1afb60914bfdb2156a52bb4ddd1dae4cecf95
c02eaedd361d711e3ef46bd833ee1081141549766e3f11f7a14d78de219ffaa7

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Navy Federal Credit Union

HTTP Headers

GET /public/nf00.HTM HTTP/1.1
Host: wonderful-simple-action.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 04:40:04 GMT
content-type: text/html; charset=utf-8
content-length: 2858975
x-amz-id-2: 8vSF5a4D6zgKLiF6Qz3VltgVMSmRxt+avlEFLPo96NA6BoI6D12xK5haZVM53o7wywFgK0VYkxfZUOTsCqaJ/7sClXqnpW7U
x-amz-request-id: YR1PWF9CG6KKKTYB
last-modified: Tue, 09 Apr 2024 13:39:18 GMT
etag: "4e021140233603106f198a66ec9b8027"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

i.ibb.co/RpLNy4f/ajax-loader.gif

162.19.58.161

200 OK

3.2 kB

URL GET HTTP/2
i.ibb.co/RpLNy4f/ajax-loader.gif
IP
162.19.58.161:443
ASN
#16276 OVH SAS

Requested by
https://wonderful-simple-action.glitch.me/public/nf00.HTM
Certificate
IssuerLet's Encrypt
Subjectibb.co
Fingerprint47:33:B4:39:55:FC:BC:18:08:79:9C:6C:9D:F3:CF:3A:89:C4:99:62
ValidityWed, 07 Feb 2024 12:41:56 GMT - Tue, 07 May 2024 12:41:55 GMT

File type
GIF image data, version 89a, 32 x 32
Size
3.2 kB (3208 bytes)
Hash
be1cede97289c13920048f238fd37b85
313b867d11fc0dd6bc6ca47c334bbcf18956ca76
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

HTTP Headers

GET /RpLNy4f/ajax-loader.gif HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wonderful-simple-action.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Wed, 17 Apr 2024 04:40:05 GMT
content-type: image/gif
content-length: 3208
last-modified: Tue, 02 Mar 2021 22:27:30 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2

l2.io/ip.js?var=userip

195.80.159.133

200 OK

24 B

URL GET HTTP/1.1
l2.io/ip.js?var=userip
IP
195.80.159.133:443
ASN
#29152 Decknet S.a.r.l.

Requested by
https://wonderful-simple-action.glitch.me/public/nf00.HTM
Certificate
IssuerLet's Encrypt
Subjectl2.io
Fingerprint1D:F0:67:A9:3B:A0:37:E5:4C:88:AD:B8:EA:EE:A3:BB:A1:84:53:A7
ValidityTue, 05 Mar 2024 09:52:38 GMT - Mon, 03 Jun 2024 09:52:37 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
f9dc91b3feea65bd389a2f5b57306c32
147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e
d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77

HTTP Headers

GET /ip.js?var=userip HTTP/1.1
Host: l2.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wonderful-simple-action.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 04:40:05 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 24
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash