pon.bar Open in urlscan Pro
163.44.176.13 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pon.bar/servizio
Submission Tags: falconsandbox
Submission: On January 17 via api (January 17th 2022, 1:44:51 pm UTC) from US — Scanned from JP

Summary HTTP 14 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 163.44.176.13, located in Japan and belongs to INTERQ GMO Internet,Inc, JP. The main domain is pon.bar.
TLS certificate: Issued by R3 on January 11th 2022. Valid for: 3 months.

This is the only time pon.bar was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook Web Access (Online)

Domain & IP information

	IP Address	AS Autonomous System
3 10	163.44.176.13 163.44.176.13	7506 (INTERQ GM...) (INTERQ GMO Internet)
2	3.86.152.72 3.86.152.72	14618 (AMAZON-AES) (AMAZON-AES)
5	151.101.130.132 151.101.130.132	54113 (FASTLY) (FASTLY)
14	3

10 163.44.176.13 (Japan) 3 redirects

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: v2003.coreserver.jp

pon.bar	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.86.152.72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-86-152-72.compute-1.amazonaws.com

plus87yhj.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.130.132 (United States)

ASN54113 (FASTLY, US)

cdn.glitch.global	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	pon.bar 3 redirects pon.bar	18 KB
5	glitch.global cdn.glitch.global — Cisco Umbrella Rank: 432954	17 KB
2	glitch.me plus87yhj.glitch.me	5 KB
14	3

	Domain	Requested by
10	pon.bar	3 redirects pon.bar
5	cdn.glitch.global	plus87yhj.glitch.me
2	plus87yhj.glitch.me	pon.bar plus87yhj.glitch.me
14	3

This site contains links to these domains. Also see Links.

Domain
yourls.org
plus87yhj.glitch.me

Subject Issuer	Validity	Valid
ftp.pon.bar R3	`2022-01-11` - `2022-04-11`	3 months	crt.sh
glitch.com Amazon	`2021-01-18` - `2022-02-15`	a year	crt.sh
cdn.glitch.global R3	`2021-12-13` - `2022-03-13`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://pon.bar/servizio
Frame ID: CBCB83DF5AA999D69C209269538C04C0
Requests: 7 HTTP requests in this frame

Frame: https://plus87yhj.glitch.me/js
Frame ID: CFA2B84189595B2D1936A4B6E4452EDC
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Web App — YOURLS

Page Statistics

14
Requests

79 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

40 kB
Transfer

39 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://yourls.org/
Title: YOURLS

Search URL Search Domain Scan URL

URL: https://plus87yhj.glitch.me/js
Title: close

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://pon.bar/user/plugins/sample-toolbar/img/favicon.svg HTTP 302
https://pon.bar/

Request Chain 5

https://pon.bar/user/plugins/sample-toolbar/img/close_button.svg HTTP 302
https://pon.bar/

Request Chain 6

https://pon.bar/user/plugins/sample-toolbar/img/close_button_red.svg HTTP 302
https://pon.bar/

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request servizio Show response pon.bar/	1 KB 714 B	790ms 772ms	Document text/html	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Full URL https://pon.bar/servizio Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `6da9355362c14ab3bcb5378c36a54cb6dc4042e07b769b9f43662420651beca1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Response headers x-robots-tag noindex content-type text/html; charset=UTF-8 content-length 445 content-encoding br vary Accept-Encoding,User-Agent date Mon, 17 Jan 2022 13:44:47 GMT server LiteSpeed alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET H2	200	toolbar.css pon.bar/user/plugins/sample-toolbar/css/	1 KB 544 B	3ms 2ms	Stylesheet text/css	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Full URL https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css Requested by Host: pon.bar URL: https://pon.bar/servizio Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `13bffa7787084a7370abf0473d461f9e79799129b8a019c3873c6fd5ec3adc51` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/servizio User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:47 GMT content-encoding br last-modified Tue, 07 Sep 2021 09:25:50 GMT server LiteSpeed etag "4d5-6137301e-cfde1524bae8b34e;br" vary Accept-Encoding,User-Agent content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 408 expires Mon, 24 Jan 2022 13:44:47 GMT
GET H2	200	toolbar.js Show response pon.bar/user/plugins/sample-toolbar/js/	485 B 293 B	3ms 3ms	Script application/javascript	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Full URL https://pon.bar/user/plugins/sample-toolbar/js/toolbar.js Requested by Host: pon.bar URL: https://pon.bar/servizio Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `987166f1ad706d39ac52c58316a465dda3dce2ed53c6d44f4f08e1dc242b0998` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/servizio User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:47 GMT content-encoding br last-modified Tue, 07 Sep 2021 09:25:50 GMT server LiteSpeed etag "1e5-6137301e-735ab0db7d07dd8f;br" vary Accept-Encoding,User-Agent content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 216 expires Mon, 24 Jan 2022 13:44:47 GMT
GET H2	200	js Show response plus87yhj.glitch.me/ Frame CFA2	2 KB 2 KB	568ms 209ms	Document text/html	3.86.152.72 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://plus87yhj.glitch.me/js Requested by Host: pon.bar URL: https://pon.bar/servizio Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.86.152.72 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-86-152-72.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `e2e9cab6d1d5cfaef252038be8f88060af16ee180616ab5c083ea263fcaa26b8` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/ Response headers date Mon, 17 Jan 2022 13:44:48 GMT content-type text/html; charset=utf-8 content-length 1920 x-amz-id-2 X1CUaxEK5nzi61ozqJky6a2cd+xRxapvoGRq/D9jA4NesxxLh3xTtXOMc6nMyq5pG9BMzEP7DBU= x-amz-request-id P9F5YM93MYMZFRA6 last-modified Sat, 15 Jan 2022 19:56:47 GMT etag "ca0e5a069746ef7cca6e53ae8f414d55" cache-control no-cache x-amz-version-id wpqtcG6_yqGGoaPulkpgq1gnVngkOikI accept-ranges bytes server AmazonS3
GET H3	200	toolbar_bg.png pon.bar/user/plugins/sample-toolbar/img/	214 B 373 B	2ms 2ms	Image image/png	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Show image Full URL https://pon.bar/user/plugins/sample-toolbar/img/toolbar_bg.png Requested by Host: pon.bar URL: https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css Protocol H3 Security QUIC, , AES_128_GCM Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `f27f3dc7da1166b814fed6d1f32f5d629b4f0ce4af3e3e303ebd181332f094f9` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:47 GMT last-modified Tue, 07 Sep 2021 09:25:50 GMT server LiteSpeed etag "d6-6137301e-fde372017afb7db;;;" vary User-Agent content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 214 expires Mon, 24 Jan 2022 13:44:47 GMT
GET H3	200	/ pon.bar/ Redirect Chain https://pon.bar/user/plugins/sample-toolbar/img/favicon.svg https://pon.bar/	5 KB 5 KB	13ms 12ms	Image text/html	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Show image Full URL https://pon.bar/ Requested by Host: pon.bar URL: https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css Protocol H3 Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:47 GMT content-encoding br server LiteSpeed content-length 1723 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 Redirect headers location https://pon.bar date Mon, 17 Jan 2022 13:44:47 GMT cache-control no-cache, no-store, must-revalidate, max-age=0 server LiteSpeed content-length 0 vary User-Agent content-type text/html; charset=UTF-8
GET H3	200	/ pon.bar/ Redirect Chain https://pon.bar/user/plugins/sample-toolbar/img/close_button.svg https://pon.bar/	5 KB 5 KB	13ms 13ms	Image text/html	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Show image Full URL https://pon.bar/ Requested by Host: pon.bar URL: https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css Protocol H3 Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:47 GMT content-encoding br server LiteSpeed content-length 1723 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 Redirect headers location https://pon.bar date Mon, 17 Jan 2022 13:44:47 GMT cache-control no-cache, no-store, must-revalidate, max-age=0 server LiteSpeed content-length 0 vary User-Agent content-type text/html; charset=UTF-8
GET H3	200	/ pon.bar/ Redirect Chain https://pon.bar/user/plugins/sample-toolbar/img/close_button_red.svg https://pon.bar/	5 KB 5 KB	12ms 11ms	Image text/html	163.44.176.13 INTERQ GMO Internet
General Check archive.org Show headers Download Go to Show image Full URL https://pon.bar/ Requested by Host: pon.bar URL: https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css Protocol H3 Server 163.44.176.13 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP), Reverse DNS v2003.coreserver.jp Software LiteSpeed / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://pon.bar/user/plugins/sample-toolbar/css/toolbar.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:47 GMT content-encoding br server LiteSpeed content-length 1731 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8 Redirect headers location https://pon.bar date Mon, 17 Jan 2022 13:44:47 GMT cache-control no-cache, no-store, must-revalidate, max-age=0 server LiteSpeed content-length 0 vary User-Agent content-type text/html; charset=UTF-8
GET H2	200	styles.css plus87yhj.glitch.me/ Frame CFA2	3 KB 3 KB	199ms 198ms	Stylesheet text/css	3.86.152.72 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://plus87yhj.glitch.me/styles.css Requested by Host: plus87yhj.glitch.me URL: https://plus87yhj.glitch.me/js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.86.152.72 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-86-152-72.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `ce53a861c8e1fdd73c4d4c6245e5b296225a8f37af30a54d60f8a3dc4cdee13f` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://plus87yhj.glitch.me/js User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:48 GMT last-modified Sat, 15 Jan 2022 19:56:47 GMT server AmazonS3 x-amz-request-id P9F4148YSBJ4GKD0 etag "197f92d6d8b9e77a6a54c90d25ddb603" content-type text/css; charset=utf-8 cache-control no-cache content-length 2716 accept-ranges bytes x-amz-version-id ceQfI_VVydWzXuqHUTWvWyF_w8_eXDxB x-amz-id-2 07ixqJcWaI0VCTeWUe+oP6ECKvkOfXMyC6PmwUPZNjVhVyvipz39a1G6ebjy1zWxOqg7m2tvndg=
GET H2	200	logo.png cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/ Frame CFA2	2 KB 3 KB	9ms 2ms	Image image/png	151.101.130.132 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/logo.png?v=1642265138693 Requested by Host: plus87yhj.glitch.me URL: https://plus87yhj.glitch.me/js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.132 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://plus87yhj.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:48 GMT via 1.1 varnish, 1.1 varnish age 161795 x-cache HIT, HIT content-length 2503 x-amz-id-2 LVtuPQOTk9o63ck3aQraxMRQjK6Be7HPbSTkqWWN4EbMSFRuFE4bj1VH4hC5dndYgsVrFgMwTLw= x-served-by cache-iad-kjyo7100044-IAD, cache-hnd18737-HND last-modified Sat, 15 Jan 2022 16:45:41 GMT server AmazonS3 x-timer S1642427088.424718,VS0,VE1 etag "fb4df93a98b7af6880c126a8318a60a8" access-control-allow-methods GET, HEAD, POST x-amz-request-id 7NBN9W5Z1W8YPW1R access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-type image/png x-cache-hits 1, 1
GET H2	200	header_bg.png cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/ Frame CFA2	6 KB 6 KB	9ms 2ms	Image image/png	151.101.130.132 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/header_bg.png?v=1642265140694 Requested by Host: plus87yhj.glitch.me URL: https://plus87yhj.glitch.me/js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.132 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://plus87yhj.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:48 GMT via 1.1 varnish, 1.1 varnish age 161771 x-cache HIT, HIT content-length 5856 x-amz-id-2 HMmt0jQz+jjtoJ2Z46NUk0tWzRYJ/bTAKKOY6PWg3WSKNgh5bEaEKnnXsBXZBa846CXEgJhHRGM= x-served-by cache-iad-kcgs7200049-IAD, cache-hnd18737-HND last-modified Sat, 15 Jan 2022 16:45:41 GMT server AmazonS3 x-timer S1642427088.424796,VS0,VE1 etag "4e5d0aabb0cb1cb62fd75c72119fb6dd" access-control-allow-methods GET, HEAD, POST x-amz-request-id 3KGBQYEGM78GJ6VS access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-type image/png x-cache-hits 1, 1
GET H2	200	icon.png cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/ Frame CFA2	1 KB 2 KB	8ms 2ms	Image image/png	151.101.130.132 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/icon.png?v=1642265138357 Requested by Host: plus87yhj.glitch.me URL: https://plus87yhj.glitch.me/js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.132 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://plus87yhj.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:48 GMT via 1.1 varnish, 1.1 varnish age 161750 x-cache HIT, HIT content-length 1441 x-amz-id-2 xuQdRQhIFuGLTDSekp80VuH+IKaW2cHFkO+kdopGXZqzorXQSSXqCq7o9kqn7os/mTYME5Rk6qA= x-served-by cache-iad-kcgs7200103-IAD, cache-hnd18737-HND last-modified Sat, 15 Jan 2022 16:45:40 GMT server AmazonS3 x-timer S1642427088.424855,VS0,VE0 etag "2fc55ac36211fb6b5a051281cc4898ad" access-control-allow-methods GET, HEAD, POST x-amz-request-id 6S0M2073QJ8ZVSQE access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-type image/png x-cache-hits 1, 1
GET H2	200	bg.png cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/ Frame CFA2	1 KB 2 KB	2ms 2ms	Image image/png	151.101.130.132 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/bg.png?v=1642265141264 Requested by Host: plus87yhj.glitch.me URL: https://plus87yhj.glitch.me/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.132 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a` Request headers Accept-Language jp-JP,jp;q=0.9 Referer https://plus87yhj.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:48 GMT via 1.1 varnish, 1.1 varnish age 161897 x-cache HIT, HIT content-length 1434 x-amz-id-2 BjU2wbrKu2pcxyk6LpXZu1eFkfprsNVlX6nkF8NyrBuurL6hRFkjf7A1pCVUQZym71J5PCvYckY= x-served-by cache-iad-kcgs7200162-IAD, cache-hnd18737-HND last-modified Sat, 15 Jan 2022 16:45:39 GMT server AmazonS3 x-timer S1642427089.621832,VS0,VE1 etag "700528c06d9ba83eebb320059f27443f" access-control-allow-methods GET, HEAD, POST x-amz-request-id D6X71VJHGT5XJHNS access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-type image/png x-cache-hits 1, 1
GET H2	200	f1.woff cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/ Frame CFA2	4 KB 5 KB	10ms 3ms	Font binary/octet-stream	151.101.130.132 FASTLY
General Check archive.org Show headers Download Go to Full URL https://cdn.glitch.global/792ea012-8063-40e9-90fd-1a84b24dbddd/f1.woff?v=1642265131432 Requested by Host: plus87yhj.glitch.me URL: https://plus87yhj.glitch.me/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.132 , United States, ASN54113 (FASTLY, US), Reverse DNS Software AmazonS3 / Resource Hash `9393c54f1f8c5d9e1a755636d86edf69dcdff13513bcbcb75a5d2e49c5463617` Request headers Referer https://plus87yhj.glitch.me/ Origin https://plus87yhj.glitch.me Accept-Language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Mon, 17 Jan 2022 13:44:48 GMT via 1.1 varnish, 1.1 varnish age 8139 x-cache HIT, HIT content-length 4560 x-amz-id-2 oLrmPun8tDLeUdI/46FIHxngatG6fnPj5+l5KWy8cWWhwDUgYursYoGM6UBkXiie8QlAAAm9tzM= x-served-by cache-iad-kiad7000053-IAD, cache-nrt18334-NRT last-modified Sat, 15 Jan 2022 16:45:34 GMT server AmazonS3 x-timer S1642427089.633958,VS0,VE1 etag "41c929e95539af861ca368ef1e06e91b" access-control-allow-methods GET, HEAD, POST x-amz-request-id T3W6GK17SQAFMRJT access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-type binary/octet-stream x-cache-hits 1, 1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook Web Access (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| yourls_cookie_no_toolbar_please

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.glitch.global
plus87yhj.glitch.me
pon.bar
151.101.130.132
163.44.176.13
3.86.152.72
07f38b8b8c1f96ed85ecd96988f0454a95d1f665427086a507c72e55ff3ce0e7
13bffa7787084a7370abf0473d461f9e79799129b8a019c3873c6fd5ec3adc51
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a
6bd745cac7dd2e979f9e89dcd3c1ed3058812be0c88a06fc066360f74120b717
6da9355362c14ab3bcb5378c36a54cb6dc4042e07b769b9f43662420651beca1
9393c54f1f8c5d9e1a755636d86edf69dcdff13513bcbcb75a5d2e49c5463617
987166f1ad706d39ac52c58316a465dda3dce2ed53c6d44f4f08e1dc242b0998
ce53a861c8e1fdd73c4d4c6245e5b296225a8f37af30a54d60f8a3dc4cdee13f
d9ed6586942003696afe4e52b09f343f8342244b51a9e175b75162d7e615207b
e2e9cab6d1d5cfaef252038be8f88060af16ee180616ab5c083ea263fcaa26b8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f27f3dc7da1166b814fed6d1f32f5d629b4f0ce4af3e3e303ebd181332f094f9

pon.bar Open in urlscan Pro 163.44.176.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

14 Requests

79 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

40 kBTransfer

39 kBSize

0 Cookies

2 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

pon.bar Open in urlscan Pro
163.44.176.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

79 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

40 kB
Transfer

39 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!