like-hyper-roof.glitch.me Open in urlscan Pro
3.212.214.204  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response like-hyper-roof.glitch.me/	52 KB 52 KB	317ms 131ms	Document text/html	3.212.214.204 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://like-hyper-roof.glitch.me/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.212.214.204 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-212-214-204.compute-1.amazonaws.com Software AmazonS3 / Resource Hash ed01c63b751906451af807bc2f18b5a22e59471b3760d3a005d9248fed86e357 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control no-cache content-length 52829 content-type text/html; charset=utf-8 date Wed, 02 Oct 2024 08:25:11 GMT etag "9b69bf2db9ed216a421cf225785035c9" last-modified Wed, 02 Oct 2024 01:06:59 GMT server AmazonS3 x-amz-id-2 FDHtDx/22xOxlgndMaC2/A81pXudXgh17/tkvwhuHYJEZbzLm47dToBPkmOhjWzulC/r7lAgM1E= x-amz-request-id 7MM3DA0SGZMYTRZ5 x-amz-server-side-encryption AES256 x-amz-version-id NCBCVnuI92uKzlJXMtl2T00Q7ak6czlM
GET H3	200	crypto-js.min.js Show response cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/	47 KB 14 KB	34ms 21ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js Requested by Host: like-hyper-roof.glitch.me URL: https://like-hyper-roof.glitch.me/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://like-hyper-roof.glitch.me/ Response headers cf-cdnjs-via cfworker/kv content-encoding br cf-cache-status HIT etag "5eb03e2d-bb78" age 1042840 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EFrqLOOPy%2BiWvn6nxOXQiQU9AKJ8jpQBiM%2FXRBQva9hWpCpFvUEt2twPGFVkMogMBuZSRJTAr7daH%2FVlYk3mg2A4kAjXpuzBxS1jn5mNeArGJ0vbiXjAM4YSFxFqh9NwxviGSAwY"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff expires Mon, 22 Sep 2025 08:25:12 GMT date Wed, 02 Oct 2024 08:25:12 GMT content-type application/javascript; charset=utf-8 last-modified Mon, 04 May 2020 16:09:17 GMT vary Accept-Encoding strict-transport-security max-age=15780000 cache-control public, max-age=30672000 timing-allow-origin * nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin cf-ray 8cc34cea7c609f3f-FRA accept-ranges bytes access-control-allow-origin * content-length 14107 server cloudflare
GET H3	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/	90 KB 29 KB	39ms 28ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js Requested by Host: like-hyper-roof.glitch.me URL: https://like-hyper-roof.glitch.me/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://like-hyper-roof.glitch.me/ Response headers cf-cdnjs-via cfworker/kv content-encoding br cf-cache-status HIT etag "5eb03ec4-169d5" age 3208171 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f2iMULg%2BxJl4S%2BxL9j3v0JPsfukQpW1GZ6s1QBW91kKFPyHcLFobRZPnpA0JedqM4HEPwFyKBDOzCbGkCTSYuF7LFFJZcitId7rqmj%2BW9yhMy03d4HoxSHAQHv19kYrIyJib2tVi"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff expires Mon, 22 Sep 2025 08:25:12 GMT date Wed, 02 Oct 2024 08:25:12 GMT content-type application/javascript; charset=utf-8 last-modified Mon, 04 May 2020 16:11:48 GMT vary Accept-Encoding strict-transport-security max-age=15780000 cache-control public, max-age=30672000 timing-allow-origin * nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin cf-ray 8cc34cea7c639f3f-FRA accept-ranges bytes access-control-allow-origin * content-length 29363 server cloudflare
GET H3	200	a9b7OqUfTd0C.jpg gcdnb.pbrd.co/images/	93 KB 94 KB	183ms 149ms	Image image/jpeg	172.67.198.249 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://gcdnb.pbrd.co/images/a9b7OqUfTd0C.jpg?o=1 Requested by Host: like-hyper-roof.glitch.me URL: https://like-hyper-roof.glitch.me/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.198.249 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1b97ddedd36c7695f177dff19d892933c65ccb3459fc0a19e2f0a8ace01a66d9 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://like-hyper-roof.glitch.me/ Response headers x-goog-metageneration 1 x-goog-hash crc32c=6fE/6A==, md5=6wVIX5x55E0IqQMRW4CfqQ== cf-bgj h2pri,csam-hash etag "eb05485f9c79e44d08a903115b809fa9" cf-cache-status REVALIDATED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LVrOwik3HzWfPUummHhEt2DytRQ%2BSfMTiHMief%2FG1UFV4WkqtRadVCz1IwmmsfykXAzV4L0WAuojh3CjI9P0lYkwNLtuSmK4tmUIY2nd8J1VOaoP0h14sewQei1PwBqT"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Wed, 02 Oct 2024 09:25:12 GMT x-goog-stored-content-length 95337 date Wed, 02 Oct 2024 08:25:12 GMT content-type image/jpeg last-modified Mon, 15 Jul 2024 23:07:15 GMT vary Accept-Encoding x-guploader-uploadid AD-8ljuhkG8EFlYpEqUy8B9C3FeUIJZRNOZtieKke9Wgh0GGItjwYMU4Hm0w9y0UDL6SLKLgmWRO_U1Zqw cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class STANDARD x-goog-expiration Sun, 13 Oct 2024 23:07:15 GMT cf-ray 8cc34ceadd59d27e-FRA accept-ranges bytes x-goog-generation 1721084835930957 content-length 95337 server cloudflare
GET H2	200	4x_817cf14a2f3fcff4ee6d4e35c5026779.png static.adobelogin.com/clients/virgoweb-2020/	3 KB 4 KB	85ms 10ms	Image image/png	13.224.189.8 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://static.adobelogin.com/clients/virgoweb-2020/4x_817cf14a2f3fcff4ee6d4e35c5026779.png Requested by Host: like-hyper-roof.glitch.me URL: https://like-hyper-roof.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.189.8 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-189-8.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash bf2c42990195a30809f22c5097c932f55e458d68220a542d1260a62e07fd23c5 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://like-hyper-roof.glitch.me/ Response headers x-amz-version-id null etag "25bd761418173f99a652f875fae7e82c" age 18552 via 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront) accept-ranges bytes alt-svc h3=":443"; ma=86400 x-cache Hit from cloudfront content-length 3484 x-amz-cf-id xXWV9dOfYOHoDO7I0IUcSuHdNe7KwPBzu6CDnBO7LwSjqiVkZPo4XQ== date Wed, 02 Oct 2024 03:16:01 GMT content-type image/png last-modified Thu, 10 Jun 2021 12:31:54 GMT server AmazonS3 x-amz-cf-pop FRA2-C1
GET H2	404	index_Form1_bkgrnd.png like-hyper-roof.glitch.me/images/	4 KB 4 KB	118ms 117ms	Image text/html	3.212.214.204 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://like-hyper-roof.glitch.me/images/index_Form1_bkgrnd.png Requested by Host: like-hyper-roof.glitch.me URL: https://like-hyper-roof.glitch.me/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.212.214.204 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-212-214-204.compute-1.amazonaws.com Software / Resource Hash 2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://like-hyper-roof.glitch.me/ Response headers date Wed, 02 Oct 2024 08:25:12 GMT cache-control max-age=0 content-length 3674
GET H2	200	/ Show response api.ipify.org/	19 B 152 B	129ms 101ms	XHR application/json	104.26.13.205 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.13.205 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1b8ebdb323e3c53b73c88646d6968d34ed90fefce58a87e8505fbf3721fbd95c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Accept application/json, text/javascript, */*; q=0.01 Referer https://like-hyper-roof.glitch.me/ Response headers cf-cache-status DYNAMIC cf-ray 8cc34ceafcb818f9-FRA access-control-allow-origin * content-length 19 date Wed, 02 Oct 2024 08:25:12 GMT content-type application/json vary Origin server cloudflare
GET		excel_24.ico pngtoico.io/upload/tmp/excel_24.824/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

pngtoico.io

URL

https://pngtoico.io/upload/tmp/excel_24.824/excel_24.ico

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Adobe (Consumer)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _TnvD4h58gdI59ysb45Rcn1oyyI8S39T7LDG0U0DYCLNKHpfo function| _XEs5oG59W9h3nQY3KK8NBxY057j0R63Uw28gpAf7xXMfV5kvM object| _$ object| _LaIQ84Ms8rZH09r8gfj8EH9A25CgyT2Ksb3MIs37q number| _SpP66Vb3kXEg95Sa9o2uD98LO object| _JJvC0a2dy0Wh421p9aNS4g object| _VFrGvH27MR9xPiQ64 object| _BwtI52wKNbxUdf1qZTJ26m5Ak5BI object| CryptoJS string| token string| chat_id function| $ function| jQuery function| ValidateForm1

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.0.0/crypto-js.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://like-hyper-roof.glitch.me/images/index_Form1_bkgrnd.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.ipify.org
cdnjs.cloudflare.com
gcdnb.pbrd.co
like-hyper-roof.glitch.me
pngtoico.io
static.adobelogin.com
pngtoico.io
104.17.24.14
104.26.13.205
13.224.189.8
172.67.198.249
3.212.214.204
1b8ebdb323e3c53b73c88646d6968d34ed90fefce58a87e8505fbf3721fbd95c
1b97ddedd36c7695f177dff19d892933c65ccb3459fc0a19e2f0a8ace01a66d9
2784f6ffefbd5fcae302d112e1629907deed1e36f9c2050ea6d7038eec3f649c
bf2c42990195a30809f22c5097c932f55e458d68220a542d1260a62e07fd23c5
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
eab5d90a71736f267af39fdf32caa8c71673fd06703279b01e0f92b0d7be0bfc
ed01c63b751906451af807bc2f18b5a22e59471b3760d3a005d9248fed86e357