ribbon-lilac-tractor.glitch.me Open in urlscan Pro
34.202.51.116  Malicious Activity! Public Scan

20 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response ribbon-lilac-tractor.glitch.me/	9 KB 9 KB	253ms 104ms	Document text/html	34.202.51.116 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://ribbon-lilac-tractor.glitch.me/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.202.51.116 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-202-51-116.compute-1.amazonaws.com Software AmazonS3 / Resource Hash c4dbb63472982901e3d90d34ae3e1d6e7b005f5430a18ce872cafe090384fdd7 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ranges bytes cache-control no-cache content-length 8817 content-type text/html; charset=utf-8 date Thu, 12 Oct 2023 12:45:07 GMT etag "207332380c6e2e296fdd275b4facaf60" last-modified Thu, 12 Oct 2023 06:41:15 GMT server AmazonS3 x-amz-id-2 x5WWnVtpG2q7xblwNP3kI+g1Zuz5o3ZjA/EbjuCc1NHllEsjrD90aCMW9UDucazbp0pa7rf/PYo= x-amz-request-id G5J5H6JRYHSZP590 x-amz-server-side-encryption AES256 x-amz-version-id ywphFcNSsto4FVsJd90_tLc_32UreQrk
GET H2	200	style.css ribbon-lilac-tractor.glitch.me/	12 KB 12 KB	103ms 102ms	Stylesheet text/css	34.202.51.116 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://ribbon-lilac-tractor.glitch.me/style.css Requested by Host: ribbon-lilac-tractor.glitch.me URL: https://ribbon-lilac-tractor.glitch.me/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.202.51.116 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-202-51-116.compute-1.amazonaws.com Software AmazonS3 / Resource Hash 2387a1eec3fb393d2e1dd98ba60f08582ffbf919c3c8291115e8e484463aadab Request headers accept-language en-US,en;q=0.9 Referer https://ribbon-lilac-tractor.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Thu, 12 Oct 2023 12:45:07 GMT x-amz-version-id 7G0mFplPGFbVEmmQ01kmZiYgiIGk3ihu last-modified Thu, 12 Oct 2023 06:41:15 GMT server AmazonS3 x-amz-request-id G5J1SB2GRKHBRAMR etag "5dc0d54f931ffa650b01299b45b9f397" x-amz-server-side-encryption AES256 content-type text/css; charset=utf-8 cache-control no-cache accept-ranges bytes content-length 11944 x-amz-id-2 ORUdlx154oUqBz6k6GrKcKlg7E/URdt2hWuf1PzZpgKBGHbz/aP/vB50RxNTFmLEic1vl2a1N1M=
GET H2	200	4aAhOWlwaXf.svg static.xx.fbcdn.net/rsrc.php/yI/r/	2 KB 1 KB	214ms 106ms	Image image/svg+xml	2a03:2880:f012:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://static.xx.fbcdn.net/rsrc.php/yI/r/4aAhOWlwaXf.svg Requested by Host: ribbon-lilac-tractor.glitch.me URL: https://ribbon-lilac-tractor.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 0d6f8d206a6bd8b60a2048a3df206ac956a2f633786e4af1c02057f81758ad7a Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://ribbon-lilac-tractor.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Thu, 12 Oct 2023 12:45:08 GMT content-encoding br x-content-type-options nosniff content-md5 mOuWB7wXlE6XUTOVRHYuCQ== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 956 x-fb-debug AMCBnmnhQZOdDiCNnFswrRKIzJzh0ZfQOPB8xQbIsYxiRmjCxD6zaW9uaKqTx67M4MzNQU9loo5Wt2IszK2U/w== last-modified Mon, 01 Jan 2001 08:00:00 GMT vary Accept-Encoding content-type image/svg+xml access-control-allow-origin * origin-agent-cluster ?0 cache-control public,max-age=31536000,immutable permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Thu, 03 Oct 2024 16:27:55 GMT
GET H2	200	hsts-pixel.gif facebook.com/security/	43 B 2 KB	392ms 149ms	Image image/gif	2a03:2880:f112:83:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://facebook.com/security/hsts-pixel.gif Requested by Host: ribbon-lilac-tractor.glitch.me URL: https://ribbon-lilac-tractor.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language en-US,en;q=0.9 Referer https://ribbon-lilac-tractor.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; content-encoding br x-content-type-options nosniff strict-transport-security max-age=15552000; includeSubDomains date Thu, 12 Oct 2023 12:45:08 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 pragma no-cache x-fb-debug 2oGWLVyYI7freBIEBne/Tejb/fBMZTpcI+QQvCbJLld2llVcMuFgXF2KokEoj5mT33Ty8OHbimGnH3TllRlx3w== cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding x-frame-options DENY content-type image/gif access-control-allow-origin * origin-agent-cluster ?0 cache-control private, no-cache, no-store, must-revalidate permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	O7nelmd9XSI.png static.xx.fbcdn.net/rsrc.php/v3/yU/r/	95 B 665 B	58ms 56ms	Image image/png	2a03:2880:f012:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/O7nelmd9XSI.png Requested by Host: ribbon-lilac-tractor.glitch.me URL: https://ribbon-lilac-tractor.glitch.me/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://ribbon-lilac-tractor.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Thu, 12 Oct 2023 12:45:08 GMT x-content-type-options nosniff content-md5 OcEdZWIg79UvSWVADRSQCg== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 95 x-fb-debug 47yT0Z0rwGxxVrvE6R4Q8NlHjK70yXBuici4PnGoOZ1ehCNaHGcldYxa3jbhtnkAHsVaFa+mo5j6L3zbZR9B1w== last-modified Mon, 01 Jan 2001 08:00:00 GMT content-type image/png access-control-allow-origin * origin-agent-cluster ?0 cache-control public,max-age=31536000,immutable permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Sat, 05 Oct 2024 07:59:26 GMT
GET H2	200	Y0L6f5sxdIV.png static.xx.fbcdn.net/rsrc.php/v3/yB/r/	7 KB 7 KB	58ms 57ms	Image image/png	2a03:2880:f012:8:face:b00c:0:1 FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://static.xx.fbcdn.net/rsrc.php/v3/yB/r/Y0L6f5sxdIV.png Requested by Host: ribbon-lilac-tractor.glitch.me URL: https://ribbon-lilac-tractor.glitch.me/style.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 633002f58522bb2b155769bd8c96d8ed33271f888a2402d46d8e24935cdd03a2 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-US,en;q=0.9 Referer https://ribbon-lilac-tractor.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Thu, 12 Oct 2023 12:45:08 GMT x-content-type-options nosniff content-md5 hFRfTj3CmfIMC+ZxDLCYWA== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 6739 x-fb-debug G5ocJOaiTZmrKJ6CgL6yu4ZGLivQfPyFMmQQd1jJN7om73cowOpkMjI2EMfXk5wE+sxeTIsBNqMgomYuomW5rw== last-modified Mon, 01 Jan 2001 08:00:00 GMT content-type image/png access-control-allow-origin * origin-agent-cluster ?0 cache-control public,max-age=31536000,immutable permissions-policy accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=() timing-allow-origin * expires Wed, 02 Oct 2024 02:57:46 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook.com
ribbon-lilac-tractor.glitch.me
static.xx.fbcdn.net
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
34.202.51.116
0d6f8d206a6bd8b60a2048a3df206ac956a2f633786e4af1c02057f81758ad7a
2387a1eec3fb393d2e1dd98ba60f08582ffbf919c3c8291115e8e484463aadab
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
633002f58522bb2b155769bd8c96d8ed33271f888a2402d46d8e24935cdd03a2
c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c
c4dbb63472982901e3d90d34ae3e1d6e7b005f5430a18ce872cafe090384fdd7