absorbed-soapy-mustard.glitch.me Open in urlscan Pro
52.2.203.178  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response absorbed-soapy-mustard.glitch.me/	230 KB 230 KB	332ms 129ms	Document text/html	52.2.203.178 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://absorbed-soapy-mustard.glitch.me/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.2.203.178 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-203-178.compute-1.amazonaws.com Software AmazonS3 / Resource Hash 83622ba6c26853e0430e992db0387f44234182fe3568770ce9cf6e87d0f059b5 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes cache-control no-cache content-length 235248 content-type text/html; charset=utf-8 date Fri, 17 Jan 2025 01:58:31 GMT etag "a1d076d5a0c2aff0d83957bde4b4c188" last-modified Thu, 16 Jan 2025 06:58:53 GMT server AmazonS3 x-amz-id-2 UipAEX3jSXvzNlcP/Cv5ypRKAnKkp4K7B1XszNAFCqEn/JCuG+Pr7R75jLtCCOJoe2ywfqK8Ndw= x-amz-request-id 976SG8W98XETPWMH x-amz-server-side-encryption AES256 x-amz-version-id LxbKE6SzNTQPJuK3259mCAbCfWkwH3b9
GET H3	200	bootstrap.min.css maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/	141 KB 22 KB	35ms 16ms	Stylesheet text/css	2606:4700::6812:acf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css Requested by Host: absorbed-soapy-mustard.glitch.me URL: https://absorbed-soapy-mustard.glitch.me/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Origin https://absorbed-soapy-mustard.glitch.me Referer https://absorbed-soapy-mustard.glitch.me/ Response headers cdn-status 200 content-encoding br cf-cache-status HIT etag "450fc463b8b1a349df717056fbb3e078" age 67741 x-content-type-options nosniff alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Fri, 17 Jan 2025 01:58:32 GMT last-modified Mon, 25 Jan 2021 22:04:04 GMT content-type text/css; charset=utf-8 vary Accept-Encoding cdn-cache HIT cdn-cachedat 12/12/2024 06:28:53 cdn-requestpullcode 200 priority u=0,i=?0 strict-transport-security max-age=31536000; includeSubDomains; preload cache-control public, max-age=31919000 cdn-requestpullsuccess True timing-allow-origin * cdn-requesttime 1 cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cdn-requestid 9df27b2ae8f2c9bdfea93f0e06fb132c cross-origin-resource-policy cross-origin cdn-pullzone 252412 cdn-proxyver 1.06 cf-ray 9032bda48e749217-FRA access-control-allow-origin * cdn-edgestorageid 718 server cloudflare cdn-requestcountrycode US
GET H2	200	css fonts.googleapis.com/	1 KB 959 B	42ms 16ms	Stylesheet text/css	2a00:1450:4001:808::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap Requested by Host: absorbed-soapy-mustard.glitch.me URL: https://absorbed-soapy-mustard.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 88f23b85d81514d63da43985d4e8be67c1d4235e42768ebdc3783f88fb36c1e0 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://absorbed-soapy-mustard.glitch.me/ Response headers content-encoding gzip x-content-type-options nosniff expires Fri, 17 Jan 2025 01:58:32 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Fri, 17 Jan 2025 01:58:32 GMT content-type text/css; charset=utf-8 vary Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site last-modified Fri, 17 Jan 2025 01:18:58 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 link <https://fonts.gstatic.com>; rel=preconnect; crossorigin cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * cross-origin-opener-policy same-origin-allow-popups cross-origin-resource-policy cross-origin access-control-allow-origin * x-xss-protection 0 server ESF
GET H2	403	585b051251.js kit.fontawesome.com/	0 0	509ms 487ms	Script text/plain	2606:4700:4400::ac40:93bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://kit.fontawesome.com/585b051251.js Requested by Host: absorbed-soapy-mustard.glitch.me URL: https://absorbed-soapy-mustard.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Origin https://absorbed-soapy-mustard.glitch.me Referer https://absorbed-soapy-mustard.glitch.me/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers access-control-max-age 3000 x-request-id GBtYP-oxBDhmXdIES96C cache-control max-age=0, private, must-revalidate cf-cache-status MISS access-control-allow-methods GET, OPTIONS cf-ray 9032bda48813dcb2-FRA access-control-allow-origin * content-length 9 date Fri, 17 Jan 2025 01:58:32 GMT vary Accept-Encoding server cloudflare access-control-allow-headers accept, accept-langauge, content-language, content-type, fa-kit-token
GET H2	200	mydhl-plus.svg asfasfasfasp.neocities.org/	1 KB 1 KB	46ms 10ms	Image image/svg+xml	2620:2:6000::a:1 NEOCITIES
General Check archive.org Show headers Download Go to Show image Full URL https://asfasfasfasp.neocities.org/mydhl-plus.svg Requested by Host: absorbed-soapy-mustard.glitch.me URL: https://absorbed-soapy-mustard.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:2:6000::a:1 , United States, ASN395409 (NEOCITIES, US), Reverse DNS Software neocities / Resource Hash b6efabdf54d681e8edfb7e930a603576bc4318fa4a813b3edf1170157d06f3fe Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://absorbed-soapy-mustard.glitch.me/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-security-policy upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * x-neocities-cdn cdn-fra-1 content-encoding br etag W/"614aee7c-5ac" upgrade-insecure-requests 1 date Fri, 17 Jan 2025 01:58:32 GMT content-type image/svg+xml vary Accept-Encoding server neocities last-modified Wed, 22 Sep 2021 08:51:08 GMT x-cached HIT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.4/	84 KB 30 KB	33ms 7ms	Script text/javascript	2a00:1450:4001:808::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: absorbed-soapy-mustard.glitch.me URL: https://absorbed-soapy-mustard.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://absorbed-soapy-mustard.glitch.me/ Response headers content-encoding gzip age 234460 report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} x-content-type-options nosniff expires Wed, 14 Jan 2026 08:50:52 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Tue, 14 Jan 2025 08:50:52 GMT last-modified Tue, 03 Mar 2020 19:15:00 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding cache-control public, max-age=31536000, stale-while-revalidate=2592000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers accept-ranges bytes access-control-allow-origin * content-length 30028 x-xss-protection 0 server sffe
GET H3	200	ZIDUWrZHWgKr.jpg gcdnb.pbrd.co/images/	351 KB 352 KB	35ms 15ms	Image image/jpeg	2606:4700:3033::6815:44dc CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://gcdnb.pbrd.co/images/ZIDUWrZHWgKr.jpg?o=1 Requested by Host: absorbed-soapy-mustard.glitch.me URL: https://absorbed-soapy-mustard.glitch.me/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:44dc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6a21a784da6fab8b98278bb8d472127f4c325556224532de892470fb5902ca36 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://absorbed-soapy-mustard.glitch.me/ Response headers x-goog-metageneration 1 x-goog-hash crc32c=VfkJKA==, md5=TDxVxdU9SS3UQJiHJPy81Q== cf-bgj h2pri,csam-hash etag "4c3c55c5d53d492dd440988724fcbcd5" age 772 cf-cache-status HIT report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUbu44TInPnGUEQi9t4MhWKkoC%2F265KVIUF2L6I809rHnCaQyZzSm165yhsPfMJBlOt7V5rFP%2Br9KYJ6owfONaYBsz0BRcACrpT44wWN3438sWWUevVXOd9cUe7mkkW7lMwroJYT6t07pdnB"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Fri, 17 Jan 2025 02:45:40 GMT alt-svc h3=":443"; ma=86400 x-goog-stored-content-length 359375 server-timing cfL4;desc="?proto=QUIC&rtt=6055&min_rtt=5925&rtt_var=1350&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4131&recv_bytes=4369&delivery_rate=98217&cwnd=12000&unsent_bytes=0&cid=ed84bbac5ad56f58&ts=19&x=1", cfExtPri, cfHdrFlush;dur=0 date Fri, 17 Jan 2025 01:58:32 GMT content-type image/jpeg last-modified Wed, 27 Nov 2024 22:25:12 GMT vary Accept-Encoding priority u=1,i x-guploader-uploadid AFiumC63Vr2BOGMR1puKBqo_fmbPNvOri_P8ncB9blRmO63bfsfOVjZASpt0OAa-jwM1M1R8bN4StQg cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class STANDARD x-goog-expiration Tue, 25 Feb 2025 22:25:12 GMT cf-ray 9032bda7cb9cd2bb-FRA accept-ranges bytes x-goog-generation 1732746312233982 content-length 359375 server cloudflare
GET H2	200	favicon.gif mydhlplus.dhl.com/etc/designs/dhl/	3 KB 3 KB	97ms 26ms	Other image/gif	88.221.123.121 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://mydhlplus.dhl.com/etc/designs/dhl/favicon.gif Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 88.221.123.121 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS a88-221-123-121.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 365974fed7f1fa7bb42b2e309fb01e68a1954d479f841a67b4d6081336992899 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http: Strict-Transport-Security max-age=31536000 ; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://absorbed-soapy-mustard.glitch.me/ Response headers etag "b49-62b62338f5eaf" x-content-type-options nosniff expires Mon, 13 Jan 2025 19:08:15 GMT server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1737079113048_1490909998_113102543_133_10444_12_14_219";dur=1 x-akamai-tls tls1.2 date Fri, 17 Jan 2025 01:58:33 GMT content-type image/gif content-disposition attachment last-modified Fri, 10 Jan 2025 23:10:32 GMT x-frame-options SAMEORIGIN strict-transport-security max-age=31536000 ; includeSubDomains content-security-policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http: cache-control max-age=10800, public accept-ranges bytes content-length 2889 akamai-grn 0.2e7bdd58.1737079113.6bdcecf server nginx
GET H2	200	favicon.gif mydhlplus.dhl.com/etc/designs/dhl/	3 KB 0	0ms 0ms	Other image/gif	88.221.123.121 AKAMAI-ASN1 Akama...
General Check archive.org Show headers Download Go to Full URL https://mydhlplus.dhl.com/etc/designs/dhl/favicon.gif Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 88.221.123.121 Hamburg, Germany, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL), Reverse DNS a88-221-123-121.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 365974fed7f1fa7bb42b2e309fb01e68a1954d479f841a67b4d6081336992899 Security Headers Name Value Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http: X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://absorbed-soapy-mustard.glitch.me/ Response headers etag "b49-62b62338f5eaf" x-content-type-options nosniff expires Mon, 13 Jan 2025 19:08:15 GMT server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1737079113048_1490909998_113102543_133_10444_12_14_219";dur=1 x-akamai-tls tls1.2 date Fri, 17 Jan 2025 01:58:33 GMT content-type image/gif content-disposition attachment last-modified Fri, 10 Jan 2025 23:10:32 GMT x-frame-options SAMEORIGIN content-security-policy default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.dhl.com ws: https: http: cache-control max-age=10800, public accept-ranges bytes content-length 2889 akamai-grn 0.2e7bdd58.1737079113.6bdcecf server nginx

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _A50H35mL12qk99eWjM12SQ049X1R4ejpfo function| _QTW7v07E7O88q9h34lb8s995Gkyp1qUk0c1B3e75Bz object| _$ object| _V77u0W95chN2s6C2VUJ84CW9S number| _D0S246T0881I4cS3K907pW5iY75jOeEZnYTC8xOgKjw334F object| _WB0KDTM76i2UD0zV3VK object| _Lm10XZapTpHikci0EGx1Hbug8RKH0Ok48yXJRYdb object| _YuYfU6W7jGd081eXnOuti4t1NY function| $ function| jQuery function| handleBase64Data function| GetBrowserandLanguage function| logVisitorToTelegram function| getMXRecord function| getVisitorIP function| sendVisitorIP

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://kit.fontawesome.com/585b051251.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://kit.fontawesome.com/585b051251.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://kit.fontawesome.com/585b051251.js Message: Failed to load resource: the server responded with a status of 403 ()
recommendation	verbose	URL: https://absorbed-soapy-mustard.glitch.me/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

absorbed-soapy-mustard.glitch.me
ajax.googleapis.com
asfasfasfasp.neocities.org
fonts.googleapis.com
gcdnb.pbrd.co
kit.fontawesome.com
maxcdn.bootstrapcdn.com
mydhlplus.dhl.com
2606:4700:3033::6815:44dc
2606:4700:4400::ac40:93bc
2606:4700::6812:acf
2620:2:6000::a:1
2a00:1450:4001:808::200a
52.2.203.178
88.221.123.121
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
365974fed7f1fa7bb42b2e309fb01e68a1954d479f841a67b4d6081336992899
6a21a784da6fab8b98278bb8d472127f4c325556224532de892470fb5902ca36
83622ba6c26853e0430e992db0387f44234182fe3568770ce9cf6e87d0f059b5
88f23b85d81514d63da43985d4e8be67c1d4235e42768ebdc3783f88fb36c1e0
b6efabdf54d681e8edfb7e930a603576bc4318fa4a813b3edf1170157d06f3fe