Report - acidic-bitter-wing.glitch.me/

Report Overview

URL

acidic-bitter-wing.glitch.me/
IP

52.5.48.123

ASN

#14618 AMAZON-AES
Submitted

2023-06-10T11:10:22Z

Access

public
Tags

suspicious
urlquery detections

Suspicious - JavaScript obfusction

Detections

urlquery

2
Network Intrusion Detection

4
Threat Detection Systems

1

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
code.jquery.com (1)	634	2012-05-21 19:28:02	2023-06-10 05:11:11	532	24314	69.16.175.10
stackpath.bootstrapcdn.com (1)	2467	2018-06-15 22:36:43	2023-06-10 05:18:06	481	15828	104.18.10.207
ajax.googleapis.com (1)	12905	2013-08-16 11:51:31	2023-06-10 11:47:03	475	31012	216.58.207.234
maxcdn.bootstrapcdn.com (2)	724	2014-06-18 02:37:31	2023-06-10 05:13:44	1122	195670	104.18.11.207
fonts.googleapis.com (1)	8877	2013-06-10 22:14:26	2023-06-10 10:32:47	480	3527	142.250.74.106
ocsp.r2m01.amazontrust.com (1)	unknown	2022-10-12 22:43:53	2023-06-10 10:59:17	340	942	54.230.80.227
acidic-bitter-wing.glitch.me (1)	unknown	2023-06-09 16:20:26	2023-06-10 02:06:46	485	758	23.20.22.110
cdnjs.cloudflare.com (1)	235	2015-04-17 22:46:33	2023-06-10 05:11:57	557	7190	104.17.24.14
ocsp.pki.goog (1)	175	2018-07-01 08:43:07	2023-06-10 05:09:51	333	699	142.250.74.131
mentoolz0-1318233580.cos.na-toronto.myqcloud.com (1)	unknown	2023-06-08 22:49:50	2023-06-08 22:49:50	484	1120219	49.51.54.104
mentoolz0.site (1)	unknown	2023-05-31 00:33:33	2023-06-08 22:50:24	584	378	69.49.234.229
ocsp2.globalsign.com (2)	1544	2012-05-23 20:10:04	2023-06-10 05:09:42	714	3862	104.18.20.226
majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com (3)	unknown	2023-06-08 22:49:48	2023-06-08 22:49:48	1654	6760	49.51.78.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-10T11:10:03Z	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-06-10T11:10:03Z	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-06-10T11:10:03Z	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-06-10T11:10:03Z	medium	Client IP	23.20.22.110	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-06-09	medium	acidic-bitter-wing.glitch.me/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (17)

URL IP Response Size

ocsp.r2m01.amazontrust.com/

54.230.80.227

471

URL

ocsp.r2m01.amazontrust.com/
IP

54.230.80.227:0
ASN

#16509 AMAZON-02

Magic

data

Size

471
Hash

b61da4bfe19a56897ff65dce5792b349

10b2ae0d4a16bd76a2b86f5aa49d861910a4048c

c92e9560f95f498b0f168324e17378965cbdeacd32b86ffaace1c0eeebf2a348

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Sat, 10 Jun 2023 11:10:04 GMT
Last-Modified: Sat, 10 Jun 2023 09:45:39 GMT
Server: ECAcc (nya/7970)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ESBsl8GgwilOoUAixMC6U3HB6dV6R_NC9oS_63MN3XiFLOAqOxzmMw==
Age: 5065

acidic-bitter-wing.glitch.me/

23.20.22.110

200 OK

244

URL User Request GET HTTP/2

acidic-bitter-wing.glitch.me/
IP

23.20.22.110:443
ASN

#14618 AMAZON-AES

Certificate

IssuerAmazon

Subjectglitch.com

Fingerprint13:93:2D:E4:50:7E:CE:BA:BC:F9:6D:7E:86:7F:43:5D:8E:63:45:3E

ValidityWed, 22 Feb 2023 00:00:00 GMT - Thu, 01 Feb 2024 23:59:59 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

244
Hash

6d9b15999e2add3f3e67ce26f32a574a

249356e5efd122e099fb7caf02d1ec6f08167030

597025804545ba61492698fdf99cb6731b02ab5874dadb3ea3c5a3b41ca30ef5

Detections

Analyzer	Verdict	Alert
openphish	Office365

HTTP Headers

                                        GET / HTTP/1.1
Host: acidic-bitter-wing.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 11:10:04 GMT
content-type: text/html; charset=utf-8
content-length: 244
x-amz-id-2: Ok7bOn4Q4SVeWtzL08MpVAEYaUP96Xd2/qaYTI3lV5UASW/DNPmrZKNGbw7wc+TrqHqLLDg/S+Yd77nctIMM0g==
x-amz-request-id: 6E2PB1AR5DRNC1TA
last-modified: Fri, 09 Jun 2023 14:15:53 GMT
etag: "6d9b15999e2add3f3e67ce26f32a574a"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: UuHaOht73DIYlywj6lnYERLtAMHAS0vC
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g3

104.18.20.226

1461

URL

ocsp2.globalsign.com/gsorganizationvalsha2g3
IP

104.18.20.226:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

1461
Hash

0e5ac1be94a2d31c1ab0fe9dd459677f

f843f476148f8df13be096e6516e4bca067c6977

aedcb3ac2c1d13d1d03d8453d5f2cb2fef68d7d480a24a1c1799e8b459e6a1ad

HTTP Headers

                                        POST /gsorganizationvalsha2g3 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 11:10:05 GMT
Content-Type: application/ocsp-response
Content-Length: 1461
Connection: keep-alive
Expires: Wed, 14 Jun 2023 10:59:20 GMT
ETag: "f843f476148f8df13be096e6516e4bca067c6977"
Last-Modified: Sat, 10 Jun 2023 10:59:21 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d512a753c46b4fa-OSL

majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?

United States Tencent Building, Kejizhongyi Avenue

49.51.78.226

200 OK

5112

URL User Request GET HTTP/1.1

majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
IP

49.51.78.226:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Certificate

IssuerGlobalSign nv-sa

Subject*.cos.na-ashburn.myqcloud.com

Fingerprint5E:C8:27:CC:24:D0:F7:7C:A0:4D:7E:B6:0C:65:6F:BE:08:34:1E:66

ValidityWed, 01 Mar 2023 07:36:04 GMT - Mon, 01 Apr 2024 07:36:03 GMT

Magic

HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4153), with CRLF line terminators

Size

5112
Hash

6b0b8fe2535930cb026e89be6ecbd4c0

6e07dee4c15512dfd863a8adeb4b1d7e16615e63

3102f4efeae82939a6b838e103227ac1652457404d9f65746d7999a846c80279

HTTP Headers

                                        GET /majorleaguelawnpros.html? HTTP/1.1
Host: majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://acidic-bitter-wing.glitch.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 5112
Connection: keep-alive
Accept-Ranges: bytes
Date: Sat, 10 Jun 2023 11:10:05 GMT
ETag: "6b0b8fe2535930cb026e89be6ecbd4c0"
Last-Modified: Mon, 22 May 2023 11:38:28 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 11329954364622135880
x-cos-request-id: NjQ4NDVhMGRfNGQ5NzBjMDlfMzczMl8xMmJkN2Uw

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.24.14

200 OK

6157

URL GET HTTP/2

cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP

104.17.24.14:443
ASN

#13335 CLOUDFLARENET

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

FingerprintA9:11:71:07:07:92:48:7E:A9:3C:E8:32:25:3F:EB:AC:7D:51:7E:8F

ValidityWed, 03 Aug 2022 00:00:00 GMT - Wed, 02 Aug 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (19015)

Size

6157
Hash

70d3fda195602fe8b75e0097eed74dde

c3b977aa4b8dfb69d651e07015031d385ded964b

a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

                                        GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 11:10:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 3775302
expires: Thu, 30 May 2024 11:10:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b%2BV12%2BNx%2F%2Bk2LIIJc4WtcNeO2aR3hzGLcmGrq7%2FPwhYAMhiov6%2BSL3PkD5jbCcGOnGChVaIzPqT0lu%2Fk3%2FKqTVJUzqA1fm0ikwr3O%2FYd%2F8IRIr6KKF7yDqq%2B1n%2BeEUHzz8gELFIO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7d512a789f65b505-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.2.1.slim.min.js

69.16.175.10

200 OK

23856

URL GET HTTP/2

code.jquery.com/jquery-3.2.1.slim.min.js
IP

69.16.175.10:443
ASN

#20446 STACKPATH-CDN

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerSectigo Limited

Subject*.jquery.com

Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83

ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (32012)

Size

23856
Hash

5f48fc77cac90c4778fa24ec9c57f37d

9e89d1515bc4c371b86f4cb1002fd8e377c1829f

9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

                                        GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 11:10:06 GMT
content-encoding: gzip
content-length: 23856
content-type: application/javascript; charset=utf-8
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
accept-ranges: bytes
server: nginx
etag: W/"62f659d6-10fdd"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1686395406.dop015.sk1.t,1686395406.cds015.sk1.hn,1686395406.cds235.sk1.c
X-Firefox-Spdy: h2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

14935

URL GET HTTP/2

stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP

104.18.10.207:443
ASN

#13335 CLOUDFLARENET

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (50758)

Size

14935
Hash

67176c242e1bdc20603c878dee836df3

27a71b00383d61ef3c489326b3564d698fc1227c

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

                                        GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 11:10:06 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-cachedat: 11/15/2021 23:30:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: a35b0179a28ed953258d0fb41376a09c
cdn-cache: HIT
cf-cache-status: HIT
age: 29439254
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d512a78b821b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

216.58.207.234

200 OK

30028

URL GET HTTP/2

ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP

216.58.207.234:443
ASN

#15169 GOOGLE

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (32065)

Size

30028
Hash

2f6b11a7e914718e0290410e85366fe9

69bb69e25ca7d5ef0935317584e6153f3fd9a88c

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

                                        GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Jun 2023 23:50:16 GMT
expires: Tue, 04 Jun 2024 23:50:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 386390
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471

URL

ocsp.pki.goog/gts1c3
IP

142.250.74.131:0
ASN

#15169 GOOGLE

Magic

data

Size

471
Hash

039bd5f5536d1b489d46e52d9cd5a21e

88770d7c23bb9aefa7d8fad6262332c0a682a0d3

6195b2c8747988942a35a477b811d323d137e697b23c6670d093a1b10c4879c9

HTTP Headers

                                        POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Jun 2023 11:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp2.globalsign.com/gsorganizationvalsha2g3

104.18.20.226

1461

URL

ocsp2.globalsign.com/gsorganizationvalsha2g3
IP

104.18.20.226:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

1461
Hash

7397f48778a68fe9a39f9cd79af8ba3f

c00d1ed5166cf5ca97188c837cd5d7bf9a2f483d

5bde2ad77ac631dcc45286ccceee74dc8fe3e9fc3d82b6ce5df31a140426199f

HTTP Headers

                                        POST /gsorganizationvalsha2g3 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 11:10:07 GMT
Content-Type: application/ocsp-response
Content-Length: 1461
Connection: keep-alive
Expires: Wed, 14 Jun 2023 10:07:52 GMT
ETag: "c00d1ed5166cf5ca97188c837cd5d7bf9a2f483d"
Last-Modified: Sat, 10 Jun 2023 10:07:53 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 619
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d512a7dfac9b4fa-OSL

majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/favicon.ico

49.51.78.226

404 Not Found

429

URL GET HTTP/1.1

majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/favicon.ico
IP

49.51.78.226:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerGlobalSign nv-sa

Subject*.cos.na-ashburn.myqcloud.com

Fingerprint5E:C8:27:CC:24:D0:F7:7C:A0:4D:7E:B6:0C:65:6F:BE:08:34:1E:66

ValidityWed, 01 Mar 2023 07:36:04 GMT - Mon, 01 Apr 2024 07:36:03 GMT

Magic

XML 1.0 document text\012- XML document, ASCII text

Size

429
Hash

5a45b4895d69b43399ba4dbf5ee83afd

72d30910072f88ca276a5729f9dda59eaf082ab0

33ba9f2b06c942891cfa42097358b8c4794f018c5b58fcfe269cbf8b26da7fd9

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 429
Connection: keep-alive
Date: Sat, 10 Jun 2023 11:10:07 GMT
Server: tencent-cos
x-cos-request-id: NjQ4NDVhMGZfNGQ5NzBjMDlfMzcyN18xMmE3NmU2

mentoolz0-1318233580.cos.na-toronto.myqcloud.com/bootstrapp.min.js

Canada Tencent Building, Kejizhongyi Avenue

49.51.54.104

200 OK

1119850

URL GET HTTP/1.1

mentoolz0-1318233580.cos.na-toronto.myqcloud.com/bootstrapp.min.js
IP

49.51.54.104:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerGlobalSign nv-sa

Subject*.cos.na-toronto.myqcloud.com

Fingerprint35:FE:CD:A6:0E:ED:28:0B:E5:8E:50:19:E7:C1:9C:13:37:4D:53:F0

ValidityMon, 27 Feb 2023 02:45:55 GMT - Sat, 30 Mar 2024 02:45:54 GMT

Magic

ASCII text, with very long lines (65476), with CRLF line terminators

Size

1119850
Hash

f35fa33bd2139aef2b5998a9b62d138d

25a0de540a94997ceac91e98d83ebc0cf964b6c5

36279fe96132f1c25971a8f7b02e969891fd3eb972024c9712bb8bcda4356af9

HTTP Headers

                                        GET /bootstrapp.min.js HTTP/1.1
Host: mentoolz0-1318233580.cos.na-toronto.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 1119850
Connection: keep-alive
Accept-Ranges: bytes
Date: Sat, 10 Jun 2023 11:10:08 GMT
ETag: "f35fa33bd2139aef2b5998a9b62d138d"
Last-Modified: Mon, 22 May 2023 11:37:14 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 10931317880534458785
x-cos-request-id: NjQ4NDVhMGZfMmE1NzA2MDlfMjMxZV9iNDZiNjI=

mentoolz0.site/next.php

69.49.234.229

200 OK

URL POST HTTP/1.1

mentoolz0.site/next.php
IP

69.49.234.229:443
ASN

#46606 UNIFIEDLAYER-AS-1

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerLet's Encrypt

Subjectwww.mentoolz0.site

Fingerprint8C:AA:9D:EA:44:12:57:A8:E2:19:DE:EC:53:17:D5:FE:35:1E:EF:18

ValidityMon, 22 May 2023 10:36:06 GMT - Sun, 20 Aug 2023 10:36:05 GMT

Magic

JSON data\012- , ASCII text, with no line terminators

Size

16
Hash

1f57cbd1f1a1ced8f62d34242408414c

52279c54b16f0a88d43d57b4cbb9813ea3cc39ab

c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220

HTTP Headers

                                        POST /next.php HTTP/1.1
Host: mentoolz0.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 13
Origin: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Sat, 10 Jun 2023 11:10:08 GMT
Server: Apache
Access-Control-Allow-Origin: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/1.png

49.51.78.226

404 Not Found

423

URL GET HTTP/1.1

majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/1.png
IP

49.51.78.226:443
ASN

#132203 Tencent Building, Kejizhongyi Avenue

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerGlobalSign nv-sa

Subject*.cos.na-ashburn.myqcloud.com

Fingerprint5E:C8:27:CC:24:D0:F7:7C:A0:4D:7E:B6:0C:65:6F:BE:08:34:1E:66

ValidityWed, 01 Mar 2023 07:36:04 GMT - Mon, 01 Apr 2024 07:36:03 GMT

Magic

XML 1.0 document text\012- XML document, ASCII text

Size

423
Hash

42181439e7f3cf50f3fa8971ed5c95e3

44b245f80bcecf8f54181cd57a3e8337d23d1e30

319ac983a7adb4fd3b771acf0ef42bd97b0905e4265cb9ae2cea428ac0f6302e

HTTP Headers

                                        GET /1.png HTTP/1.1
Host: majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 404 Not Found
Content-Type: application/xml
Content-Length: 423
Connection: keep-alive
Date: Sat, 10 Jun 2023 11:10:10 GMT
Server: tencent-cos
x-cos-request-id: NjQ4NDVhMTJfNGQ5NzBjMDlfMzcxZV8xMjc3MTM3

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

104.18.11.207

200 OK

144877

URL GET HTTP/2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
IP

104.18.11.207:443
ASN

#13335 CLOUDFLARENET

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65325)

Size

144877
Hash

450fc463b8b1a349df717056fbb3e078

895125a4522a3b10ee7ada06ee6503587cbf95c5

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

HTTP Headers

                                        GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 11:10:10 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"450fc463b8b1a349df717056fbb3e078"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 04/26/2023 08:07:14
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 8a26c0bf20cbc993530458a07f9dab25
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d512a90df4bb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.11.207

200 OK

48944

URL GET HTTP/2

maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP

104.18.11.207:443
ASN

#13335 CLOUDFLARENET

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerCloudflare, Inc.

Subjectsni.cloudflaressl.com

Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A

ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (48664)

Size

48944
Hash

14d449eb8876fa55e1ef3c2cc52b0c17

a9545831803b1359cfeed47e3b4d6bae68e40e99

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

                                        GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Sat, 10 Jun 2023 11:10:06 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 11/25/2022 23:23:38
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 865
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: c2ee131225fbe76332904f57eed9bb31
cdn-cache: HIT
cf-cache-status: HIT
age: 138016
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7d512a78b916b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:600

142.250.74.106

200 OK

2895

URL GET HTTP/2

fonts.googleapis.com/css?family=Open+Sans:600
IP

142.250.74.106:443
ASN

#15169 GOOGLE

Requested by

https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/majorleaguelawnpros.html?
Certificate

IssuerGoogle Trust Services LLC

Subjectupload.video.google.com

Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0

ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

Magic

ASCII text, with very long lines (2967), with no line terminators

Size

2895
Hash

2e9f3cf7ce3486bc73028e550fd239a0

36316c593d6aa94e5d03de5399e58bf93be05b5d

5e0e3b20506a39a773514d5604d19a9930a54651e94a8a53c51c8c54b200f0d4

HTTP Headers

                                        GET /css?family=Open+Sans:600 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://majorleaguelawnpros-1318334846.cos.na-ashburn.myqcloud.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 10 Jun 2023 11:10:10 GMT
date: Sat, 10 Jun 2023 11:10:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

#1 JS:Script (size: 338)

#2 JS:Script (size: 69597)

#3 JS:Script (size: 85578)

#4 JS:Script (size: 51039)

#5 JS:Script (size: 0)

#6 JS:Script (size: 19188)

#7 JS:Script (size: 48944)

#8 JS:Script (size: 1119860)

#1 JS:Eval (size: 257)

#2 JS:Eval (size: 4058)

#1 JS:Write (size: 1334)

HTTP Transactions (17)

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

Magic

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by