plain-grave-product.glitch.me Open in urlscan Pro
34.230.121.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://plain-grave-product.glitch.me/dfdts.html?t=1
Submission: On October 11 via api (October 11th 2023, 1:34:19 am UTC) from JP — Scanned from JP

Summary HTTP 7 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 7 HTTP transactions. The main IP is 34.230.121.99, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is plain-grave-product.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 22nd 2023. Valid for: a year.

This is the only time plain-grave-product.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Network Solutions (Internet)

Domain & IP information

	IP Address	AS Autonomous System
1	34.230.121.99 34.230.121.99	14618 (AMAZON-AES) (AMAZON-AES)
6	198.187.29.27 198.187.29.27	22612 (NAMECHEAP...) (NAMECHEAP-NET)
7	3

1 34.230.121.99 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-230-121-99.compute-1.amazonaws.com

plain-grave-product.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 198.187.29.27 (Biddeford, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server125-3.web-hosting.com

xbdmedi.host	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	xbdmedi.host xbdmedi.host	31 KB
1	glitch.me plain-grave-product.glitch.me	591 KB
7	2

	Domain	Requested by
6	xbdmedi.host	plain-grave-product.glitch.me
1	plain-grave-product.glitch.me
7	2

This site contains links to these domains. Also see Links.

Domain
www.networksolutions.com
knowledge.web.com
forum.web.com
web.com

Subject Issuer	Validity	Valid
glitch.com Amazon RSA 2048 M01	`2023-02-22` - `2024-02-01`	a year	crt.sh
xbdmedi.host Sectigo RSA Domain Validation Secure Server CA	`2023-01-11` - `2024-01-11`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://plain-grave-product.glitch.me/dfdts.html?t=1
Frame ID: 41D5912D643CD8AEAADFE0AD37FBE644
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Network Solutions© Webmail Login

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

622 kB
Transfer

854 kB
Size

0
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: http://www.networksolutions.com/

Search URL Search Domain Scan URL

URL: https://knowledge.web.com/subjects/article/KA-01122
Title: Webmail version 7.10.2 – Release notes

Search URL Search Domain Scan URL

URL: https://knowledge.web.com/subjects/article/KA-01998
Title: Set up your iPhone

Search URL Search Domain Scan URL

URL: https://knowledge.web.com/subjects/article/KA-01019
Title: Set up your Android

Search URL Search Domain Scan URL

URL: https://forum.web.com/networksolutions/faq/#Mail/mail-index.htm
Title: Help Center

Search URL Search Domain Scan URL

URL: http://web.com/legal/privacy-policy.aspx
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.networksolutions.com/legal/static-service-agreement.jsp
Title: Service Agreement

Search URL Search Domain Scan URL

URL: http://www.networksolutions.com/legal/legal-notice.jsp
Title: Terms of Use

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request dfdts.html Show response plain-grave-product.glitch.me/	590 KB 591 KB	632ms 285ms	Document text/html	34.230.121.99 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://plain-grave-product.glitch.me/dfdts.html?t=1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.230.121.99 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-230-121-99.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `c21d7415a6a4cec9e68de20bd063c2ac20bfbdba43249d0e1557e4b117f50f15` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ranges bytes cache-control no-cache content-length 603672 content-type text/html; charset=utf-8 date Wed, 11 Oct 2023 01:34:12 GMT etag "6760bfc32cdbb99e7893de6b9382a0c1" last-modified Mon, 09 Oct 2023 17:36:20 GMT server AmazonS3 x-amz-id-2 hGAp8IXdcoQK+KuK6fnyln7ggxJLC55OWVihTu1yKhPe5udrLyfnqecInsYiuP6nfrnjMkl6mfc= x-amz-request-id B10DG4KWMQG5WJ9Q x-amz-server-side-encryption AES256 x-amz-version-id 6nodrO8bvbHxJjlBah9JGsDL1Xv4GJqk
GET H2	200	bootstrap.min.css xbdmedi.host/app/networksolutionsemail/media/css/	111 KB 17 KB	694ms 263ms	Stylesheet text/css	198.187.29.27 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://xbdmedi.host/app/networksolutionsemail/media/css/bootstrap.min.css Requested by Host: plain-grave-product.glitch.me URL: https://plain-grave-product.glitch.me/dfdts.html?t=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.27 Biddeford, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server125-3.web-hosting.com Software LiteSpeed / Resource Hash `96b126417447a9c5d415f06e00e2e6372248c9857f5ff60b6477f8c6f55c449a` Request headers accept-language jp-JP,jp;q=0.9 Referer https://plain-grave-product.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Wed, 11 Oct 2023 01:34:14 GMT content-encoding br last-modified Fri, 19 Jun 2020 22:50:54 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 17377 expires Wed, 18 Oct 2023 01:34:14 GMT
GET H2	200	login.css xbdmedi.host/app/networksolutionsemail/media/css/	4 KB 1 KB	563ms 133ms	Stylesheet text/css	198.187.29.27 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://xbdmedi.host/app/networksolutionsemail/media/css/login.css Requested by Host: plain-grave-product.glitch.me URL: https://plain-grave-product.glitch.me/dfdts.html?t=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.27 Biddeford, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server125-3.web-hosting.com Software LiteSpeed / Resource Hash `b4a1f9089252297f900892c0f78c0443a0f8600d11d51c4ab9e39f9294cca4be` Request headers accept-language jp-JP,jp;q=0.9 Referer https://plain-grave-product.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Wed, 11 Oct 2023 01:34:14 GMT content-encoding br last-modified Fri, 19 Jun 2020 22:50:54 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1114 expires Wed, 18 Oct 2023 01:34:14 GMT
GET H2	200	jquery-ui-1.10.3.custom.min.css xbdmedi.host/app/networksolutionsemail/media/css/	27 KB 5 KB	695ms 264ms	Stylesheet text/css	198.187.29.27 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://xbdmedi.host/app/networksolutionsemail/media/css/jquery-ui-1.10.3.custom.min.css Requested by Host: plain-grave-product.glitch.me URL: https://plain-grave-product.glitch.me/dfdts.html?t=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.27 Biddeford, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server125-3.web-hosting.com Software LiteSpeed / Resource Hash `990f4e4269eea505b56ea62b131d1725b2abc0e532894132e51b8e2c270846db` Request headers accept-language jp-JP,jp;q=0.9 Referer https://plain-grave-product.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Wed, 11 Oct 2023 01:34:14 GMT content-encoding br last-modified Fri, 19 Jun 2020 22:50:54 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 5045 expires Wed, 18 Oct 2023 01:34:14 GMT
GET H2	200	helpers.js Show response xbdmedi.host/app/networksolutionsemail/media/js/	12 KB 3 KB	695ms 265ms	Script application/javascript	198.187.29.27 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://xbdmedi.host/app/networksolutionsemail/media/js/helpers.js?ver=12839297292 Requested by Host: plain-grave-product.glitch.me URL: https://plain-grave-product.glitch.me/dfdts.html?t=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.27 Biddeford, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server125-3.web-hosting.com Software LiteSpeed / Resource Hash `8a315a59d6f6c9a70132f3c7b6b1bd8d6b684373fa0fb0f4b7d1c7db0e4bcbe3` Request headers accept-language jp-JP,jp;q=0.9 Referer https://plain-grave-product.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Wed, 11 Oct 2023 01:34:14 GMT content-encoding br last-modified Fri, 19 Jun 2020 22:50:54 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 2658 expires Wed, 18 Oct 2023 01:34:14 GMT
GET H2	200	app.js Show response xbdmedi.host/app/networksolutionsemail/media/js/	812 B 533 B	695ms 265ms	Script application/javascript	198.187.29.27 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://xbdmedi.host/app/networksolutionsemail/media/js/app.js?ver=21313 Requested by Host: plain-grave-product.glitch.me URL: https://plain-grave-product.glitch.me/dfdts.html?t=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.27 Biddeford, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server125-3.web-hosting.com Software LiteSpeed / Resource Hash `817eed11e63d582f1ede70ae92e1b2472afc650403cf00e6875a8500aa30f568` Request headers accept-language jp-JP,jp;q=0.9 Referer https://plain-grave-product.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Wed, 11 Oct 2023 01:34:14 GMT content-encoding br last-modified Fri, 19 Jun 2020 22:50:54 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 299 expires Wed, 18 Oct 2023 01:34:14 GMT
GET H2	200	logo.png xbdmedi.host/app/networksolutionsemail/media/images/	4 KB 4 KB	132ms 132ms	Image image/png	198.187.29.27 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://xbdmedi.host/app/networksolutionsemail/media/images/logo.png Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.187.29.27 Biddeford, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server125-3.web-hosting.com Software LiteSpeed / Resource Hash `38f4cd5c0c12b0655856bb8470b15392154ebad70467d63a577ff730e8f248df` Request headers accept-language jp-JP,jp;q=0.9 Referer https://plain-grave-product.glitch.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Wed, 11 Oct 2023 01:34:14 GMT last-modified Fri, 19 Jun 2020 22:50:54 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 4342 expires Wed, 18 Oct 2023 01:34:14 GMT
GET DATA	200 OK	truncated /	106 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `2b491e2211f7003c16a9132d78a95753e0315bf30b1977518d65e3a76dccec20` Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Network Solutions (Internet)

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

plain-grave-product.glitch.me
xbdmedi.host
198.187.29.27
34.230.121.99
2b491e2211f7003c16a9132d78a95753e0315bf30b1977518d65e3a76dccec20
38f4cd5c0c12b0655856bb8470b15392154ebad70467d63a577ff730e8f248df
817eed11e63d582f1ede70ae92e1b2472afc650403cf00e6875a8500aa30f568
8a315a59d6f6c9a70132f3c7b6b1bd8d6b684373fa0fb0f4b7d1c7db0e4bcbe3
96b126417447a9c5d415f06e00e2e6372248c9857f5ff60b6477f8c6f55c449a
990f4e4269eea505b56ea62b131d1725b2abc0e532894132e51b8e2c270846db
b4a1f9089252297f900892c0f78c0443a0f8600d11d51c4ab9e39f9294cca4be
c21d7415a6a4cec9e68de20bd063c2ac20bfbdba43249d0e1557e4b117f50f15

plain-grave-product.glitch.me Open in urlscan Pro 34.230.121.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

622 kBTransfer

854 kBSize

0 Cookies

8 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

33 JavaScript Global Variables

0 Cookies

Indicators

plain-grave-product.glitch.me Open in urlscan Pro
34.230.121.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

622 kB
Transfer

854 kB
Size

0
Cookies

7 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!