giveaway.neocities.org Open in urlscan Pro
2620:2:6000::a:1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://giveaway.neocities.org/eth/secure-eth-transaction.html
Submission: On July 11 via automatic, source phishtank (July 11th 2018, 12:02:30 pm UTC)

Summary HTTP 9 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 2620:2:6000::a:1, located in United States and belongs to NEOCITIES - Neocities, US. The main domain is giveaway.neocities.org.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on May 3rd 2016. Valid for: 3 years.

This is the only time giveaway.neocities.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address		AS Autonomous System
1	2620:2:6000::a:1 2620:2:6000::a:1		395409 (NEOCITIES) (NEOCITIES - Neocities)
7	54.93.185.254 54.93.185.254		16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:816::200e		15169 (GOOGLE) (GOOGLE - Google LLC)
9	3

1 2620:2:6000::a:1 (United States)

ASN395409 (NEOCITIES - Neocities, US)

giveaway.neocities.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 54.93.185.254 (Frankfurt, Germany)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com

ether-giveaway.bitballoon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

chart.apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bitballoon.com ether-giveaway.bitballoon.com	272 KB
1	google.com chart.apis.google.com	926 B
1	neocities.org giveaway.neocities.org	5 KB
9	3

	Domain	Requested by
7	ether-giveaway.bitballoon.com	giveaway.neocities.org
1	chart.apis.google.com	giveaway.neocities.org
1	giveaway.neocities.org
9	3

This site contains no links.

Subject Issuer	Validity	Valid
*.neocities.org COMODO RSA Domain Validation Secure Server CA	`2016-05-03` - `2019-06-30`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Frame ID: 4C1A758F37176C471FF1909C07241B93
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

script /clipboard(?:\.min)?\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

9
Requests

11 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

278 kB
Transfer

707 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request secure-eth-transaction.html Show response
giveaway.neocities.org/eth/ 16 KB
5 KB 23ms
7ms Document
text/html 2620:2:6000::a:1
Neocities

General

Check archive.org

Show headers Download Go to

Full URL

https://giveaway.neocities.org/eth/secure-eth-transaction.html

Protocol

H2

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:2:6000::a:1 , United States, ASN395409 (NEOCITIES - Neocities, US),

Reverse DNS

Software

openresty /

Resource Hash

84aee3d96e68614fb7d697a274c706431df77f7e1c6fbd5a4b9ffa5d83e034a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

:method: GET
:authority: giveaway.neocities.org
:scheme: https
:path: /eth/secure-eth-transaction.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 4C1A758F37176C471FF1909C07241B93

Response headers

status: 200
server: openresty
date: Wed, 11 Jul 2018 12:02:18 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Tue, 29 May 2018 14:45:42 GMT
etag: W/"5b0d6796-3e89"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
x-neocities-cdn: cdn-fra
upgrade-insecure-requests: 1
x-cached: HIT
content-encoding: gzip

GET
S 200 bootstrap.css
ether-giveaway.bitballoon.com/css/ 183 KB
22 KB 606ms
565ms Stylesheet
text/css 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ether-giveaway.bitballoon.com/css/bootstrap.css
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: e727e36f5c323c3e2e1848f79f296f0dba0f70a6df79f67e9b16ce7e85879e87

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "a817a4440b0877c240af23264a7fda24-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
S 200 animate.css
ether-giveaway.bitballoon.com/css/ 77 KB
5 KB 570ms
531ms Stylesheet
text/css 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ether-giveaway.bitballoon.com/css/animate.css
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: 77831dbe6b4cbe88beb576be1363a995c51d66b699e133cf56b23827378af670

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "cf2c487402cdd39d86900ab4d430ffdc-ssl-df"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
S 200 clipboard.js Show response
ether-giveaway.bitballoon.com/js/ 21 KB
4 KB 584ms
545ms Script
application/javascript 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ether-giveaway.bitballoon.com/js/clipboard.js
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: e9ce7739666a39243194da247c861122c5efab08734f0f82115f79b6afa2a923

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "ccd92ddf62321dfce5217303ced76e07-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
S 200 jquery.min.js Show response
ether-giveaway.bitballoon.com/js/ 170 KB
36 KB 585ms
546ms Script
application/javascript 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ether-giveaway.bitballoon.com/js/jquery.min.js
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "fecd9d4f882e599d12ac1984cada1272-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
S 200 cookie.min.js Show response
ether-giveaway.bitballoon.com/js/ 4 KB
1 KB 604ms
566ms Script
application/javascript 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ether-giveaway.bitballoon.com/js/cookie.min.js
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: c9b8fcfae2c74f1fdaa0cfe1d13790957db3ffbecf1f87273b6060c2f7fe5fb8

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
content-encoding: gzip
server: Netlify
age: 1
etag: "22b4818bac37b89569685533a9a58a65-ssl-df"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 1403

GET
S 200 ethereum.svg
ether-giveaway.bitballoon.com/img/ 110 KB
78 KB 547ms
547ms Image
image/svg+xml 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ether-giveaway.bitballoon.com/img/ethereum.svg
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: 400d2b3e71d36160a394b8f6848f7db15cb3fd0c99acfd01034a72a8a849468a

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
content-encoding: gzip
server: Netlify
age: 0
etag: "de9690d10838151121f92e32fe4952a3-ssl-df"
vary: Accept-Encoding
content-type: image/svg+xml
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes

GET
S 200 chart
chart.apis.google.com/ 809 B
926 B 17ms
17ms Image
image/png 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chart.apis.google.com/chart?cht=qr&chs=120x120&chl=0xAcF90F51D960BD6038E8A2Ee7eba13CF714CFFBF&chld=L|0

Requested by

Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html

Protocol

SPDY

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GoogleChartAPI/1.0 /

Resource Hash

3558761e50979d29601c53d23d46d84de3b8e597c02a5862851cd891f8eebe9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:19 GMT
x-content-type-options: nosniff
last-modified: Wed, 02-May-2018 18:35:04 GMT
server: GoogleChartAPI/1.0
status: 200
x-frame-options: ALLOWALL
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 809
x-xss-protection: 1; mode=block
expires: Thu, 12 Jul 2018 12:02:19 GMT

GET
S 200 circle.gif
ether-giveaway.bitballoon.com/img/ 126 KB
126 KB 540ms
540ms Image
image/gif 54.93.185.254
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ether-giveaway.bitballoon.com/img/circle.gif
Requested by: Host: giveaway.neocities.org
URL: https://giveaway.neocities.org/eth/secure-eth-transaction.html
Protocol: SPDY
Server: 54.93.185.254 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-93-185-254.eu-central-1.compute.amazonaws.com
Software: Netlify /
Resource Hash: 51db6c4f053f0649837ec06f4890fb346b0c62df43990e2c0f6ddd784468ce8d

Request headers

Referer: https://giveaway.neocities.org/eth/secure-eth-transaction.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 11 Jul 2018 12:02:20 GMT
server: Netlify
age: 1
etag: "897a8ab67c26acc105ff2a06b2e9da31-ssl"
content-type: image/gif
status: 200
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 128768

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Cookies object| Clipboards number| ethTotal number| updateFrequency string| ethLeft function| updateEthBalance function| insertEthContent function| notifyMsg function| dec2hex function| generateAddress function| updateWaiting function| copied string| msg

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			giveaway.neocities.org/	1969-12-31 23:59:59	Name: eth_left Value: 1500

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

chart.apis.google.com
ether-giveaway.bitballoon.com
giveaway.neocities.org
2620:2:6000::a:1
2a00:1450:4001:816::200e
54.93.185.254
3558761e50979d29601c53d23d46d84de3b8e597c02a5862851cd891f8eebe9d
400d2b3e71d36160a394b8f6848f7db15cb3fd0c99acfd01034a72a8a849468a
51db6c4f053f0649837ec06f4890fb346b0c62df43990e2c0f6ddd784468ce8d
77831dbe6b4cbe88beb576be1363a995c51d66b699e133cf56b23827378af670
84aee3d96e68614fb7d697a274c706431df77f7e1c6fbd5a4b9ffa5d83e034a4
c9b8fcfae2c74f1fdaa0cfe1d13790957db3ffbecf1f87273b6060c2f7fe5fb8
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
e727e36f5c323c3e2e1848f79f296f0dba0f70a6df79f67e9b16ce7e85879e87
e9ce7739666a39243194da247c861122c5efab08734f0f82115f79b6afa2a923