rune-puffy-enemy.glitch.me Open in urlscan Pro
3.231.39.129 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://rune-puffy-enemy.glitch.me/
Submission: On February 06 via automatic, source openphish (February 6th 2021, 1:22:25 am UTC)

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 3.231.39.129, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is rune-puffy-enemy.glitch.me.

This is the only time rune-puffy-enemy.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation) Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	3.231.39.129 3.231.39.129	14618 (AMAZON-AES) (AMAZON-AES)
10	66.117.3.171 66.117.3.171	22611 (INMOTION) (INMOTION)
11	2

1 3.231.39.129 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-231-39-129.compute-1.amazonaws.com

rune-puffy-enemy.glitch.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 66.117.3.171 (Santa Monica, United States)

ASN22611 (INMOTION, US)
PTR: vps544.inmotionhosting.com

livcifilter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	livcifilter.com livcifilter.com	154 KB
1	glitch.me rune-puffy-enemy.glitch.me	4 KB
11	2

	Domain	Requested by
10	livcifilter.com	rune-puffy-enemy.glitch.me
1	rune-puffy-enemy.glitch.me
11	2

This site contains no links.

Subject Issuer	Validity	Valid
livcifilter.com cPanel, Inc. Certification Authority	`2021-01-26` - `2021-04-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://rune-puffy-enemy.glitch.me/
Frame ID: 1D7567441238EBA0CB046E28E840CD2E
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Amazon S3 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

headers server /^AmazonS3$/i

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

158 kB
Transfer

156 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response rune-puffy-enemy.glitch.me/	4 KB 4 KB	310ms 276ms	Document text/html	3.231.39.129 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL http://rune-puffy-enemy.glitch.me/ Protocol HTTP/1.1 Server 3.231.39.129 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-231-39-129.compute-1.amazonaws.com Software AmazonS3 / Resource Hash `de48d405bc078fab9481f810c7d72d4c20e72e85a650600dd052b1c9596aa969` Request headers Host rune-puffy-enemy.glitch.me Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 06 Feb 2021 01:21:52 GMT Content-Type text/html; charset=utf-8 Content-Length 3740 Connection keep-alive x-amz-id-2 BZm2qD1xTsvILEQh4SrzS6wDvwAJBjBy/Z/+MtcADn3dLnNFUoC5D1Y3MYTWd1ce993xbwnWgt4= x-amz-request-id B0C41A44E02894CC last-modified Thu, 04 Feb 2021 13:42:19 GMT etag "1d300d49c76db890cf9a2d1c4758f24f" cache-control no-cache x-amz-version-id hixvip_iDgYz5ZBg03LiNFDqKlNukDZb accept-ranges bytes server AmazonS3
GET H2	200	dhl_logo.gif livcifilter.com/web/dh/	443 B 496 B	682ms 195ms	Image image/gif	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/dhl_logo.gif Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `2f680b51b19fc3c5befd02bd9d0d4e88c2722a5210157e4ef68933c5ba352109` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:40:09 GMT server Apache accept-ranges bytes content-length 443 content-type image/gif
GET H2	200	gmail.jpg livcifilter.com/web/dh/	15 KB 15 KB	685ms 198ms	Image image/jpeg	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/gmail.jpg Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `85d2f2cd12dfc2d3b4fdc03f2b80b825237dc70bda8010d842c661fab0603260` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:40:10 GMT server Apache accept-ranges bytes content-length 15630 content-type image/jpeg
GET H2	200	roundcube.png livcifilter.com/web/dh/	29 KB 29 KB	1024ms 539ms	Image image/png	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/roundcube.png Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `47e731a22b5a4db703e529a2cb9a39c15a1e0b23bf1d1ae7a39129c6e4b58153` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:40:10 GMT server Apache accept-ranges bytes content-length 29277 content-type image/png
GET H2	200	horde.png livcifilter.com/web/dh/	5 KB 5 KB	1188ms 703ms	Image image/png	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/horde.png Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `0797465363374efeff8dff97955f6f80bfe2db93905f407421179327d53d01a5` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:53 GMT last-modified Wed, 06 Jan 2021 05:40:10 GMT server Apache accept-ranges bytes content-length 5030 content-type image/png
GET H2	200	outlook.png livcifilter.com/web/dh/	5 KB 5 KB	1188ms 703ms	Image image/png	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/outlook.png Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:53 GMT last-modified Wed, 06 Jan 2021 05:40:10 GMT server Apache accept-ranges bytes content-length 5104 content-type image/png
GET H2	200	Squirrelmail_logo.png livcifilter.com/web/dh/	41 KB 41 KB	1024ms 540ms	Image image/png	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/Squirrelmail_logo.png Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `c5c10376ded4b11ef6d5e4ccf79f0347c882d9cbb946d0e19f411b2b373f919e` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:51:46 GMT server Apache accept-ranges bytes content-length 41510 content-type image/png
GET H2	200	yahoo.jpg livcifilter.com/web/dh/	17 KB 17 KB	640ms 196ms	Image image/jpeg	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/yahoo.jpg Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `d978da0989203f63f452490fb6239e5609e775b8e8638047a7f581e5944aa50e` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:51:48 GMT server Apache accept-ranges bytes content-length 16934 content-type image/jpeg
GET H2	200	netease_png.png livcifilter.com/web/dh/	992 B 1 KB	640ms 196ms	Image image/png	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/netease_png.png Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `821ed71ac4fb691c086ddb9e6453f3317c083413428f98271c2f52f3b170044b` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:40:10 GMT server Apache accept-ranges bytes content-length 992 content-type image/png
GET H2	200	aol.jpg livcifilter.com/web/dh/	36 KB 37 KB	641ms 196ms	Image image/jpeg	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/aol.jpg Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `41e23888abf246fb2529e360179d8312cef0921fa0631136d332afbaee7992ad` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:40:10 GMT server Apache accept-ranges bytes content-length 37211 content-type image/jpeg
GET H2	200	5_1_dhl_global_locator_all_340_187.gif livcifilter.com/web/dh/	4 KB 4 KB	640ms 195ms	Image image/gif	66.117.3.171 INMOTION
General Check archive.org Show headers Download Go to Show image Full URL https://livcifilter.com/web/dh/5_1_dhl_global_locator_all_340_187.gif Requested by Host: rune-puffy-enemy.glitch.me URL: http://rune-puffy-enemy.glitch.me/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 66.117.3.171 Santa Monica, United States, ASN22611 (INMOTION, US), Reverse DNS vps544.inmotionhosting.com Software Apache / Resource Hash `d87ca059e18a471de8b916dfbcdfc3ef7fda94da362b986de701006ef469a43f` Request headers Referer http://rune-puffy-enemy.glitch.me/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Sat, 06 Feb 2021 01:21:52 GMT last-modified Wed, 06 Jan 2021 05:41:21 GMT server Apache accept-ranges bytes content-length 4135 content-type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation) Generic (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

livcifilter.com
rune-puffy-enemy.glitch.me
3.231.39.129
66.117.3.171
0797465363374efeff8dff97955f6f80bfe2db93905f407421179327d53d01a5
2f680b51b19fc3c5befd02bd9d0d4e88c2722a5210157e4ef68933c5ba352109
41e23888abf246fb2529e360179d8312cef0921fa0631136d332afbaee7992ad
47e731a22b5a4db703e529a2cb9a39c15a1e0b23bf1d1ae7a39129c6e4b58153
6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b
821ed71ac4fb691c086ddb9e6453f3317c083413428f98271c2f52f3b170044b
85d2f2cd12dfc2d3b4fdc03f2b80b825237dc70bda8010d842c661fab0603260
c5c10376ded4b11ef6d5e4ccf79f0347c882d9cbb946d0e19f411b2b373f919e
d87ca059e18a471de8b916dfbcdfc3ef7fda94da362b986de701006ef469a43f
d978da0989203f63f452490fb6239e5609e775b8e8638047a7f581e5944aa50e
de48d405bc078fab9481f810c7d72d4c20e72e85a650600dd052b1c9596aa969

rune-puffy-enemy.glitch.me Open in urlscan Pro 3.231.39.129 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

158 kBTransfer

156 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

rune-puffy-enemy.glitch.me Open in urlscan Pro
3.231.39.129 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

158 kB
Transfer

156 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!