giveaway.neocities.org
Open in
urlscan Pro
2620:2:6000::a:1
Malicious Activity!
Public Scan
Submission: On July 11 via automatic, source phishtank
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 3rd 2016. Valid for: 3 years.
This is the only time giveaway.neocities.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2620:2:6000::a:1 2620:2:6000::a:1 | 395409 (NEOCITIES) (NEOCITIES - Neocities) | |
7 | 54.93.185.254 54.93.185.254 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2a00:1450:400... 2a00:1450:4001:816::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
9 | 3 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
ether-giveaway.bitballoon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
bitballoon.com
ether-giveaway.bitballoon.com |
272 KB |
1 |
google.com
chart.apis.google.com |
926 B |
1 |
neocities.org
giveaway.neocities.org |
5 KB |
9 | 3 |
Domain | Requested by | |
---|---|---|
7 | ether-giveaway.bitballoon.com |
giveaway.neocities.org
|
1 | chart.apis.google.com |
giveaway.neocities.org
|
1 | giveaway.neocities.org | |
9 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.neocities.org COMODO RSA Domain Validation Secure Server CA |
2016-05-03 - 2019-06-30 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://giveaway.neocities.org/eth/secure-eth-transaction.html
Frame ID: 4C1A758F37176C471FF1909C07241B93
Requests: 9 HTTP requests in this frame
Screenshot
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Clipboard.js (Miscellaneous) Expand
Detected patterns
- script /clipboard(?:\.min)?\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
secure-eth-transaction.html
giveaway.neocities.org/eth/ |
16 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
bootstrap.css
ether-giveaway.bitballoon.com/css/ |
183 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
animate.css
ether-giveaway.bitballoon.com/css/ |
77 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
clipboard.js
ether-giveaway.bitballoon.com/js/ |
21 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ether-giveaway.bitballoon.com/js/ |
170 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
cookie.min.js
ether-giveaway.bitballoon.com/js/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
ethereum.svg
ether-giveaway.bitballoon.com/img/ |
110 KB 78 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
chart
chart.apis.google.com/ |
809 B 926 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
circle.gif
ether-giveaway.bitballoon.com/img/ |
126 KB 126 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| Cookies object| Clipboards number| ethTotal number| updateFrequency string| ethLeft function| updateEthBalance function| insertEthContent function| notifyMsg function| dec2hex function| generateAddress function| updateWaiting function| copied string| msg1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
giveaway.neocities.org/ | Name: eth_left Value: 1500 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * |
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
chart.apis.google.com
ether-giveaway.bitballoon.com
giveaway.neocities.org
2620:2:6000::a:1
2a00:1450:4001:816::200e
54.93.185.254
3558761e50979d29601c53d23d46d84de3b8e597c02a5862851cd891f8eebe9d
400d2b3e71d36160a394b8f6848f7db15cb3fd0c99acfd01034a72a8a849468a
51db6c4f053f0649837ec06f4890fb346b0c62df43990e2c0f6ddd784468ce8d
77831dbe6b4cbe88beb576be1363a995c51d66b699e133cf56b23827378af670
84aee3d96e68614fb7d697a274c706431df77f7e1c6fbd5a4b9ffa5d83e034a4
c9b8fcfae2c74f1fdaa0cfe1d13790957db3ffbecf1f87273b6060c2f7fe5fb8
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
e727e36f5c323c3e2e1848f79f296f0dba0f70a6df79f67e9b16ce7e85879e87
e9ce7739666a39243194da247c861122c5efab08734f0f82115f79b6afa2a923