jet-dramatic-cockroach.glitch.me
35.168.222.210  Malicious Activity! Public Scan

Submitted URL: http://jet-dramatic-cockroach.glitch.me/
Effective URL: https://jet-dramatic-cockroach.glitch.me/
Submission: On October 13 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 3 HTTP transactions. The main IP is 35.168.222.210, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is jet-dramatic-cockroach.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time jet-dramatic-cockroach.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Excel / PDF download (Online)

Domain & IP information

Requests | IP Address | AS Autonomous System
1 | 35.168.222.210 | 14618 (AMAZON-AES)
1 | 2606:4700:303... | 13335 (CLOUDFLAR...)
1 | 18.66.107.166 | 16509 (AMAZON-02)
3 | 3 |

Requests | Domain | Requested by
1 | d2myx53yhj7u4b.cloudfront.net |
1 | www.softsolutionworks.com | jet-dramatic-cockroach.glitch.me
1 | jet-dramatic-cockroach.glitch.me |
3 | 3 |

This site contains no links.

Subject | Issuer | Validity | Valid
glitch.com | Amazon RSA 2048 M03 | 2023-12-04 - 2025-01-01 | a year
softsolutionworks.com | WE1 | 2024-09-08 - 2024-12-07 | 3 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2024-07-30 - 2025-07-03 | a year

This page contains 1 frame:

Primary Page: https://jet-dramatic-cockroach.glitch.me/
Frame ID: 7F5A75243D2CD88CC09570147943013F
Requests: 3 HTTP requests in this frame

Page Title: Sample

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 52 kB
Size: 51 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://jet-dramatic-cockroach.glitch.me/ HTTP 307
    https://jet-dramatic-cockroach.glitch.me/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Resource: / (Primary Request)
Path: jet-dramatic-cockroach.glitch.me/
Redirect Chain:
  • http://jet-dramatic-cockroach.glitch.me/
  • https://jet-dramatic-cockroach.glitch.me/
Size: 2 KB
x-fer: 3 KB
Type: Document

General
Full URL: https://jet-dramatic-cockroach.glitch.me/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.168.222.210 Ashburn, United States, ASN14618 (AMAZON-AES, US)
Reverse DNS: ec2-35-168-222-210.compute-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 48d79a21df80cebf9540c71cbea8e93ea331dfc6c6d4a64eb77f49486c486c82

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache
content-length: 2480
content-type: text/html; charset=utf-8
date: Sun, 13 Oct 2024 22:57:55 GMT
etag: "96f2ddea625b85501c4a6465c7377fca"
last-modified: Thu, 03 Oct 2024 13:09:56 GMT
server: AmazonS3
x-amz-id-2: d6woWaR6ZjCeANxARZCck4KrzwpQgBtbPuskBDISqhXA0mlQrvSNVwfbYzpAG2+HVbPjLr20DeE=
x-amz-request-id: ZMJQNX7CPM22D7E9
x-amz-server-side-encryption: AES256
x-amz-version-id: pMzN_nIazJPddA5I3C.tuAmT7MXY56EN

Redirect headers

Location: https://jet-dramatic-cockroach.glitch.me/
Non-Authoritative-Reason: HttpsUpgrades

Resource: excel-intro.PNG
Path: www.softsolutionworks.com/images/Excel/
Size: 45 KB
x-fer: 45 KB
Type: Image

General
Full URL: https://www.softsolutionworks.com/images/Excel/excel-intro.PNG
Requested by:
  Host: jet-dramatic-cockroach.glitch.me
  URL: https://jet-dramatic-cockroach.glitch.me/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:1345, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare / ASP.NET
Resource Hash: 422c97d221bffc3da04455f1db0b4e651d132d28a5e50c561ef8c2cd081f62f7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://jet-dramatic-cockroach.glitch.me/

Response headers

cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: MISS
etag: "29ec41bc6a59da1:0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDZpa3Q2KocUCzFgduY5kHneRC1e5mgPcdhI1OqPqp9ogBD3yyUA023PQQ%2F0D1PgqdVcv%2FqDSdP%2BglrjSxIbQD2LsMoJmHYh6gQYbJ0SlV565tvvYdrYI6Jl3%2F77KzNMZu2PblpSAtbq6LJeqmuJrODFOPeEGOQN"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d22ee7619429757-FRA
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 45705
date: Sun, 13 Oct 2024 22:57:56 GMT
content-type: image/png
last-modified: Wed, 07 Feb 2024 02:09:52 GMT
x-powered-by: ASP.NET
server: cloudflare
vary: Accept-Encoding

Resource: excel%402x.png
Path: d2myx53yhj7u4b.cloudfront.net/sites/default/files/
Size: 4 KB
x-fer: 4 KB
Type: Other

General
Full URL: https://d2myx53yhj7u4b.cloudfront.net/sites/default/files/excel%402x.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.107.166, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-107-166.fra56.r.cloudfront.net
Software: /
Resource Hash: a7295605341b3618c4db0a7adff9f10d10f0d6ef86a91b260e1fc3a549ce9f3d

Security Headers
Strict-Transport-Security: max-age=31557600

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://jet-dramatic-cockroach.glitch.me/

Response headers

etag: "5d9e6aee-f8c"
age: 1080850
x-lagoon: amazeeio-smar1>sigsci-ingress-nginx>smartsheet-www-production-treebeard:nginx>nginx-6fd4b956fd-2drq9
expires: Fri, 06 Sep 2024 14:28:00 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: dEZgcF2uYMDaBvaIZqvVkrh6KYtF8XZORL-b0Os9_StGtgOv07q5fw==
date: Tue, 01 Oct 2024 10:43:47 GMT
content-type: image/png
last-modified: Wed, 09 Oct 2019 23:19:10 GMT
x-served-by: cache-bfi-kbfi7400054-BFI, cache-fra-etou8220097-FRA
x-cache-hits: 22, 0
strict-transport-security: max-age=31557600
cache-control: max-age=2628001
x-timer: S1727779428.814743,VS0,VE165
via: 1.1 55107fc1be09ed1afcf3154ed9bd93cc.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 3980
x-amz-cf-pop: FRA56-P5

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Excel / PDF download (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

3 Console Messages

Source: security | Level: warning | URL: https://jet-dramatic-cockroach.glitch.me/
Message: Mixed Content: The page at 'https://jet-dramatic-cockroach.glitch.me/' was loaded over HTTPS, but requested an insecure element 'http://www.softsolutionworks.com/images/Excel/excel-intro.PNG'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Source: security | Level: warning | URL: https://jet-dramatic-cockroach.glitch.me/
Message: Mixed Content: The page at 'https://jet-dramatic-cockroach.glitch.me/' was loaded over HTTPS, but requested an insecure element 'http://www.softsolutionworks.com/images/Excel/excel-intro.PNG'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Source: recommendation | Level: verbose | URL: https://jet-dramatic-cockroach.glitch.me/
Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o