Report - buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html

Report Overview

Visited public
2023-12-05 10:47:38
Tags
URL
buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html
Finishing URL
buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html
IP / ASN
52.2.151.71
#14618 AMAZON-AES
Title
Excel Mobile

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-12-04 11:30:31	350 B	942 B	54.230.218.11
buttered-sturdy-meteorite.glitch.me	unknown	unknown	No data	No data	521 B	7.8 kB	34.196.51.7
imgur.com	1987	2009-01-09	2012-10-04 02:07:24	2023-11-20 02:59:30	448 B	543 B	199.232.196.193
i.imgur.com	5110	2009-01-09	2012-05-21 10:09:36	2023-12-04 23:48:45	450 B	285 kB	151.101.84.193
upload.wikimedia.org	2215	2003-03-16	2012-05-21 11:39:45	2023-12-04 18:33:15	595 B	102 kB	185.15.59.240

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 10:47:25	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-12-05 10:47:25	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-12-05 10:47:25	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-12-05 10:47:25	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-12-05 10:47:26	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-12-05 10:47:26	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-12-05 10:47:26	high	Client IP	Internal IP	ET PHISHING Possible Glitch.me Phishing Domain
2023-12-05 10:47:26	medium	Client IP	Internal IP	ET HUNTING Suspicious Glitch Hosted DNS Request - Possible Phishing Landing
2023-12-05 10:47:26	medium	Client IP	34.196.51.7	ET HUNTING Suspicious Glitch Hosted TLS SNI Request - Possible Phishing Landing

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-11-30	medium	buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html	Office365

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (5)

URL IP Response Size

ocsp.r2m03.amazontrust.com/

54.230.218.11

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.218.11:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
962c9f30933a5f53428363a9c3a9e914
5a1b96d4e07a7981fb3b85ec8e1a644f09e12ad9
d5f9ab0e3da510e7296ba7fd7ccef4061f7a764b8b7cf3c544fb4f3bdc958e4f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Tue, 05 Dec 2023 10:47:20 GMT
Last-Modified: Tue, 05 Dec 2023 09:10:12 GMT
Server: ECAcc (ska/F6A3)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vj722f1iP_MCv_ajyTfAbvfhjEvqFa4k7mSt4Wxt15eUI8VEBA7ttQ==
Age: 5828

buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html

34.196.51.7

200 OK

7.3 kB

URL User Request GET HTTP/2
buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html
IP
34.196.51.7:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2034)
Size
7.3 kB (7269 bytes)
Hash
7e6866c39c835b72120a47ce909e5d53
bf57bfe82269ef884fa375413f09bea479a5498a
cc50a4f28e3462cf02973d866bbe311957e0718ae108489e2d8bb851716f5071

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Office365

HTTP Headers

GET /duaxla892lthax.html HTTP/1.1
Host: buttered-sturdy-meteorite.glitch.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 10:47:20 GMT
content-type: text/html; charset=utf-8
content-length: 7269
x-amz-id-2: aGbSmftGB3mQEmCEsn6FGIHnusoCp6+A+hq207sBCmn+lsNyroTfyHDfEbpeJ8hPQKqPmF87UOw=
x-amz-request-id: C03FS328PQ7QEP5W
last-modified: Wed, 29 Nov 2023 21:13:24 GMT
etag: "7e6866c39c835b72120a47ce909e5d53"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: 3pwSlQ6OkpqaeEz_bB9McFbOdoqaWoj_
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

imgur.com/vAVJT9c.png

199.232.196.193

301 Moved Permanently

0 B

URL GET HTTP/2
imgur.com/vAVJT9c.png
IP
199.232.196.193:443
ASN
#54113 FASTLY

Requested by
https://buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html
Certificate
IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vAVJT9c.png HTTP/1.1
Host: imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://buttered-sturdy-meteorite.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
retry-after: 0
location: https://i.imgur.com/vAVJT9c.png
accept-ranges: bytes
date: Tue, 05 Dec 2023 10:47:21 GMT
x-served-by: cache-bma1669-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1701773241.048761,VS0,VE0
server: cat factory 1.0
strict-transport-security: max-age=300
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-frame-options: DENY
access-control-allow-origin: https://imgur.com
access-control-allow-credentials: false
content-length: 0
X-Firefox-Spdy: h2

i.imgur.com/vAVJT9c.png

151.101.84.193

200 OK

285 kB

URL GET HTTP/2
i.imgur.com/vAVJT9c.png
IP
151.101.84.193:443
ASN
#54113 FASTLY

Requested by
https://buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html
Certificate
IssuerSectigo Limited
Subject*.imgur.com
FingerprintD6:4D:45:03:6D:38:F8:FD:EA:AF:E5:92:B3:4D:85:A5:6B:AF:5C:EC
ValidityMon, 13 Mar 2023 00:00:00 GMT - Tue, 12 Mar 2024 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 1916x1026, components 3\012- data
Size
285 kB (284670 bytes)
Hash
45eeb21f5d92a99999af4f168ab4109f
777953e7999d9a6f7d64a6f22f56f739478f5181
32d6b5039dd56f1484ef8670ee8e8033337b627dde78c6bbf515bfac27ef944c

HTTP Headers

GET /vAVJT9c.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://buttered-sturdy-meteorite.glitch.me/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/jpeg
last-modified: Tue, 25 Jul 2023 08:04:04 GMT
etag: "45eeb21f5d92a99999af4f168ab4109f"
x-amz-server-side-encryption: AES256
x-amz-cf-pop: IAD12-P2
x-amz-cf-id: L65Stab-GoCIqSgCIRA7yQuXFOwHoUfm0mgXrqmXffz83kiWnIKhTg==
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Tue, 05 Dec 2023 10:47:21 GMT
age: 1727919
x-served-by: cache-iad-kcgs7200094-IAD, cache-bma1663-BMA
x-cache: Miss from cloudfront, HIT, HIT
x-cache-hits: 8512, 1
x-timer: S1701773241.156510,VS0,VE2
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 284670
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png

185.15.59.240

200 OK

101 kB

URL GET HTTP/2
upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://buttered-sturdy-meteorite.glitch.me/duaxla892lthax.html
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint48:3F:0C:71:F3:4A:E0:EA:30:D9:9B:D6:04:63:DC:DA:A8:F4:9D:FB
ValidityWed, 18 Oct 2023 00:00:00 GMT - Wed, 16 Oct 2024 23:59:59 GMT

File type
PNG image data, 2203 x 2049, 8-bit/color RGBA, non-interlaced\012- data
Size
101 kB (100722 bytes)
Hash
b3bba4a529cab7e8211c9019f1347b71
8e8f4514a5b2fdee304e88d12cd21772b0a39efe
5cee67a96f9fa2272be123080687322b21d536f3c2ef85a9eebb042c9a07fe11

HTTP Headers

GET /wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://buttered-sturdy-meteorite.glitch.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 16:41:33 GMT
etag: b3bba4a529cab7e8211c9019f1347b71
server: ATS/9.1.4
content-type: image/png
content-disposition: inline;filename*=UTF-8''Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png
last-modified: Fri, 30 Apr 2021 10:29:43 GMT
content-length: 100722
age: 65148
x-cache: cp3078 hit, cp3078 hit/91
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (5)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers