ciaim-neirocoins.net Open in urlscan Pro
2606:4700:3035::6815:2be9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ciaim-neirocoins.net/?shiny
Effective URL:
https://ciaim-neirocoins.net/?shiny
Submission Tags: shiny c290acadafe6362a fc6b18fd85158e2b bfst honeypoter@gmail.com Search All
Submission: On October 19 via api (October 19th 2024, 10:14:17 pm UTC) from JP — Scanned from JP

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 6 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3035::6815:2be9, located in United States and belongs to CLOUDFLARENET, US. The main domain is ciaim-neirocoins.net.
TLS certificate: Issued by WE1 on October 15th 2024. Valid for: 3 months.

This is the only time ciaim-neirocoins.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
2	2606:4700:303... 2606:4700:3035::6815:2be9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.183.16 172.67.183.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:2498:100... 2a02:2498:1000:1::4	13213 (UK2NET-AS) (UK2NET-AS)
1	172.67.220.167 172.67.220.167	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:bb1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.186.227 172.67.186.227	() ()
13	8

2 2606:4700:3035::6815:2be9 (United States)

ASN13335 (CLOUDFLARENET, US)

ciaim-neirocoins.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.183.16 (United States)

ASN13335 (CLOUDFLARENET, US)

trxneiro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2498:1000:1::4 (United Kingdom)

ASN13213 (UK2NET-AS, GB)

rpc.ankr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.220.167 (United States)

ASN13335 (CLOUDFLARENET, US)

scripts-zone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bb1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.186.227 (None, )

ASN- ()

ciaim-neirocoins.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ciaim-neirocoins.net ciaim-neirocoins.net	6 MB
2	ankr.com rpc.ankr.com — Cisco Umbrella Rank: 109340	501 B
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 220	143 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	47 KB
1	scripts-zone.com scripts-zone.com	8 KB
1	trxneiro.com trxneiro.com	998 KB
13	6

	Domain	Requested by
4	ciaim-neirocoins.net	ciaim-neirocoins.net
2	rpc.ankr.com	ciaim-neirocoins.net
2	cdnjs.cloudflare.com	ciaim-neirocoins.net
1	cdn.jsdelivr.net	ciaim-neirocoins.net
1	scripts-zone.com	ciaim-neirocoins.net
1	trxneiro.com	ciaim-neirocoins.net
13	6

This site contains no links.

Subject Issuer	Validity	Valid
ciaim-neirocoins.net WE1	`2024-10-15` - `2025-01-13`	3 months	crt.sh
trxneiro.com WE1	`2024-09-06` - `2024-12-05`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-09-28` - `2024-12-27`	3 months	crt.sh
enterprise.onerpc.com WR1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
scripts-zone.com WE1	`2024-10-19` - `2025-01-17`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://ciaim-neirocoins.net/?shiny
Frame ID: 0AF0463EBBAAEFF9ACE90DE2193FE5E5
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

neiro is now live on TRON

Page URL History Show full URLs

http://ciaim-neirocoins.net/?shiny HTTP 307
https://ciaim-neirocoins.net/?shiny Page URL

Detected technologies

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

13
Requests

85 %
HTTPS

43 %
IPv6

6
Domains

6
Subdomains

8
IPs

3
Countries

6936 kB
Transfer

11303 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ciaim-neirocoins.net/?shiny HTTP 307
https://ciaim-neirocoins.net/?shiny Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ciaim-neirocoins.net/
Redirect Chain

http://ciaim-neirocoins.net/?shiny
https://ciaim-neirocoins.net/?shiny

5 MB
4 MB

2336ms
906ms

Document
text/html

2606:4700:3035::6815:2be9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ciaim-neirocoins.net/?shiny
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2be9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e23834ca80283d20f7f71954358f3cb49b4365c2c35dcfebe4e32de2772be0c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8d541e881835d553-NRT
content-encoding: zstd
content-type: text/html; charset=utf-8
date: Sat, 19 Oct 2024 22:14:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zSh7I3J4VDxc3msNh5kIuaIJiVIqwDehGqq4ZZz8%2F%2FmIbRoqiMNz4bBxknpy97%2BZHc1hoLhLUCktvF0C2gnHExDC3GT5B6T%2B0aa5mPTYzCmRePWo1aUgfLJOZYVvhyGei%2BKhfF1tuWkuYrtqt01OMeWz5g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=1199&sent=8&recv=14&lost=0&retrans=1&sent_bytes=4020&recv_bytes=2424&delivery_rate=2518446&cwnd=111&unsent_bytes=0&cid=6f3fa32de87ed159&ts=922&x=0"
vary: Accept-Encoding

Redirect headers

Location: https://ciaim-neirocoins.net/?shiny
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 670a4c50-1b29-4ee4-ab01-ae1b594bb7a8 Show response
ciaim-neirocoins.net/ghtzUafpkp/ 2 MB
2 MB 823ms
822ms Script
application/octet-stream 2606:4700:3035::6815:2be9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8
Requested by: Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/?shiny
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:2be9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0354d3edb118d8e814cea02f9b8d408dee73227b4a3ae995c9e94be0d9f832f2

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/?shiny

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9h5yLiYJEg1qwYp2L0DKe%2BSO8ebHn4lj5dH%2FXOgDessU5cajmtrR0Ev%2BY615rVgHFEqTwz2ixpdIRlBeKyZ6FwGrbmIuH%2B2O22o%2FRo0XO%2FEGs7Y1ftCX7FsOutTFp%2BZ38ij09Sc9k5h5n7hZwlh0WAPVA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d541e96bc7dd553-NRT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 2038528
server-timing: cfL4;desc="?proto=TCP&rtt=6299&sent=3125&recv=1756&lost=0&retrans=1&sent_bytes=3826024&recv_bytes=2602&delivery_rate=67234065&cwnd=301&unsent_bytes=0&cid=6f3fa32de87ed159&ts=3178&x=0"
date: Sat, 19 Oct 2024 22:14:10 GMT
content-type: application/octet-stream
server: cloudflare

GET
H3 200 hugging1.png
trxneiro.com/img/ 997 KB
998 KB 46ms
19ms Image
image/png 172.67.183.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trxneiro.com/img/hugging1.png
Requested by: Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/?shiny
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.183.16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c8de4b7c4a76054939f5658c7537b75fcf88a7132707a36ecc8cc0ff4fb044e

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/

Response headers

cf-cache-status: HIT
age: 540420
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HQ58Uqfut8hK7czJYDM2gCMfNN0x3wTJlnSnYAmfshT873bjM4q7iOtWTIjJ%2BJkp5bIswdM4J0I5nIfOSfKb%2Fpd%2FSFPJahahfmTQ6aOPRzojfz1pVEQ3xlHSxkCAC6M%3D"}],"group":"cf-nel","max_age":604800}
expires: Sun, 20 Oct 2024 16:07:09 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1644&sent=13&recv=11&lost=0&retrans=0&sent_bytes=4255&recv_bytes=6931&delivery_rate=447991&cwnd=12000&unsent_bytes=0&cid=9f83e3a3493c2617&ts=29&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 19 Oct 2024 22:14:10 GMT
content-type: image/png
last-modified: Fri, 06 Sep 2024 16:16:35 GMT
vary: Accept-Encoding
priority: u=2,i
cache-control: public, max-age=604800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d541e98fa407345-NRT
accept-ranges: bytes
content-length: 1021025
x-turbo-charged-by: LiteSpeed
server: cloudflare

GET
H3 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/ 59 KB
20 KB 14ms
8ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js

Requested by

Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65384d58-4ca5"
age: 262052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P68KtzEm2j0%2Bu0V%2F%2FvMiZK4DGjHKix8DTZ%2B3v%2FpNmhN2F60zze92JNEjk0ajvcmkZwyAZRbquoBasC%2Fw%2Bg3kMPHQG2buumfA%2BCTBe43CapzifTv6kfmzJQMpHXs9g%2FM2zqR3zjhp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 09 Oct 2025 22:14:12 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 19 Oct 2024 22:14:12 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 24 Oct 2023 23:03:52 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d541ea6693adeb5-NRT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19621
server: cloudflare

GET
DATA 200
OK truncated
/ 55 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 991627e0cf3d63f1663f8948134be9211e259008bcaf61889a08f1f3b9af50d2

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 35 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 130358808fa68df01f3bb22a0b5b3599e606b26a7f10c38bf6a9b859497abdfe

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 23 KB
0 Image
image/avif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46b2b340d95cd9ef2073d2015dda5b2bd27f99ab827f269b5047be8845710018

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/avif

GET
DATA 200
OK truncated
/ 1 MB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f15ea2e161438cf0b7dd50cc2ece3d018f05e8e5a8c146344e944a0b970fb3b9

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 28 KB
0 Image
image/avif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 007faec4b1a9b169cf72d8e2ec360fd9ed8dbb444bce778cb3a6face0b8dac6e

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/avif

GET
DATA 200
OK truncated
/ 13 KB
13 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c20905ac00aa8dce4576e0258768e02b9087e1628226473e1e3969443bb077bb

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin: https://ciaim-neirocoins.net
Referer

Response headers

Content-Type: font/woff2

GET
DATA 200
OK truncated
/ 549 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 30e5c23754d3e4f6cf17e86d5110bb32aab93bc78f3e0acd008f3f92f236bd27

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer

Response headers

Content-Type: image/png

POST
H2 200 eth Show response
rpc.ankr.com/ 230 B
501 B 132ms
130ms Fetch
application/json 2a02:2498:1000:1::4
UK2NET-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rpc.ankr.com/eth

Requested by

Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:2498:1000:1::4 , United Kingdom, ASN13213 (UK2NET-AS, GB),

Reverse DNS

Software

Resource Hash

ac0fd9fd5d8adb02311cfa434c031263a10870a1c5de3ea20d3f5661554b03de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/json
Referer: https://ciaim-neirocoins.net/

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
access-control-max-age: 1728000
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin: *
content-length: 106
date: Sat, 19 Oct 2024 22:14:15 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,solana-client

OPTIONS
H2 204 eth
rpc.ankr.com/ 0
0 2602ms
68ms Preflight 2a02:2498:1000:1::4
UK2NET-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rpc.ankr.com/eth

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:2498:1000:1::4 , United Kingdom, ASN13213 (UK2NET-AS, GB),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ciaim-neirocoins.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,solana-client
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
content-length: 0
date: Sat, 19 Oct 2024 22:14:14 GMT
strict-transport-security: max-age=15724800; includeSubDomains

POST
H3 200 config Show response
scripts-zone.com/ 10 KB
8 KB 539ms
514ms Fetch
text/html 172.67.220.167
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts-zone.com/config
Requested by: Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.220.167 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1a2804040f322d4e2acd14c19dced89c285a6f3ab2a387f91998f890e9831deb

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: text/plain;charset=UTF-8
Referer: https://ciaim-neirocoins.net/

Response headers

server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GniawP6Cqe2lE6b0hF0mwqwNhX54a62OMHp6ZVvUiYpZSk11Cvr6eu7Hgk0zuZ0lAQNwN%2Fq6SOvhTBfCnlvC%2BeC2xV%2F2R5vgeGvORYBUoaieVm%2FXfwlV%2FHTr5%2F58jTCvCmkT"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d541eb8ca3b2689-NRT
access-control-allow-origin: https://ciaim-neirocoins.net
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1569&sent=13&recv=13&lost=0&retrans=0&sent_bytes=4215&recv_bytes=7576&delivery_rate=1061&cwnd=12000&unsent_bytes=0&cid=6e2aee729ac2422e&ts=521&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 19 Oct 2024 22:14:15 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, accept-encoding
priority: u=1,i

GET
H3 200 ethers.umd.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ 719 KB
124 KB 11ms
10ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ethers.umd.min.js

Requested by

Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "62ad87d5-1eb91"
age: 3103355
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7HrTRduUcJ8h2Hhz9hPzDD9BIObfEWF9w9UQOJK2bf8PlMAE%2FNer%2Bo1xLkP2Hx%2FRKB6rAMULLkAGIJSic%2F%2F%2BGLbFRNZQTvLUkdsMcqNnjrjV961hiXCIKuYq5JsJVE5OTKTtxb2"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Thu, 09 Oct 2025 22:14:15 GMT
alt-svc: h3=":443"; ma=86400
date: Sat, 19 Oct 2024 22:14:15 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 18 Jun 2022 08:07:49 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d541ebc3ea4deb5-NRT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 125841
server: cloudflare

GET
H2 200 merkletree.js Show response
cdn.jsdelivr.net/npm/merkletreejs@latest/ 215 KB
47 KB 23ms
11ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/merkletreejs@latest/merkletree.js

Requested by

Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/

Response headers

access-control-expose-headers: *
content-encoding: br
cf-cache-status: HIT
etag: W/"35cec-voDmHbahh9asSkpxmh+JmyyWCMA"
age: 17391
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OeGCimUfTr0vwuEW4oQ01kpujJrbuVVYZlTmxGpUvj4coBDVk02nb9Z4vsworzThIKZvO2d5YF6UoM4oHFlOkGQHZoFBVShR744xQ6J9675uMJLd8diftBQAy6bvD5sffMint04fcImFUijegnE%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443"; ma=86400
x-cache: HIT, HIT
date: Sat, 19 Oct 2024 22:14:15 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220103-FRA, cache-lga21941-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8d541ebc4acd348d-NRT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 47359
server: cloudflare
x-jsd-version: 0.4.0

GET wallet-connect-v4.js
ciaim-neirocoins.net/scripts/ 0
0

GET popup-6.css
ciaim-neirocoins.net/styles/ 0
0

GET
H3 200 wallet-connect-v4.js
ciaim-neirocoins.net/scripts/ 30 KB
0 1295ms
1294ms Script
application/octet-stream 172.67.186.227

General

Check archive.org

Show headers Download Go to

Full URL: https://ciaim-neirocoins.net/scripts/wallet-connect-v4.js
Requested by: Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.186.227 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/?shiny

Response headers

cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pUlUlJl61QisyPuez6gFOMGWhMjhN5dBtAVZWIA73%2BQpbz1NOFB%2BjQc26T3eemFODpB3w35lUXLj3j%2FjJ8dafW9ZYAT6ADKrbOAnHbv8DGvHwwnozjVnbXgJosPq2QVBwzpjnCoQTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1536&sent=26&recv=22&lost=0&retrans=0&sent_bytes=15296&recv_bytes=7041&delivery_rate=13259&cwnd=12000&unsent_bytes=0&cid=62680dcbaba83343&ts=7919&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 19 Oct 2024 22:14:17 GMT
content-type: application/octet-stream
last-modified: Sat, 19 Oct 2024 22:14:17 GMT
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8d541ec01c64d4f4-NRT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2257751
server: cloudflare

GET
H3 200 popup-6.css
ciaim-neirocoins.net/styles/ 51 KB
10 KB 827ms
826ms Stylesheet
text/css 172.67.186.227

General

Check archive.org

Show headers Download Go to

Full URL: https://ciaim-neirocoins.net/styles/popup-6.css
Requested by: Host: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/ghtzUafpkp/670a4c50-1b29-4ee4-ab01-ae1b594bb7a8
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.186.227 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: f4f2ea8a9fae0fe006897e4d5907c3677086ab3d476e308e2a6a43f43ca8ffaf

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://ciaim-neirocoins.net/?shiny

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TN7Z90SCdhXBN9m5yyMO6yM5aVAcXh7HmxovzincAuhMuoHVLuRIM5%2BGDNaDR9UDTvOv7PEm8Nf0xYhpsxgL9hdaDrAJYJmLf0CCdDwLyX699ZX5dAodYeLSidpdsQy%2FJSzElsj2Rw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d541ec01c66d4f4-NRT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1497&sent=16&recv=17&lost=0&retrans=0&sent_bytes=4374&recv_bytes=6826&delivery_rate=109&cwnd=12000&unsent_bytes=0&cid=62680dcbaba83343&ts=7451&x=1", cfExtPri, cfHdrFlush;dur=0
date: Sat, 19 Oct 2024 22:14:17 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: cloudflare
last-modified: Sat, 19 Oct 2024 22:14:17 GMT
priority: u=0,i=?0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/scripts/wallet-connect-v4.js

Domain: ciaim-neirocoins.net
URL: https://ciaim-neirocoins.net/styles/popup-6.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
ciaim-neirocoins.net
rpc.ankr.com
scripts-zone.com
trxneiro.com
ciaim-neirocoins.net
104.17.25.14
172.67.183.16
172.67.186.227
172.67.220.167
2606:4700:3035::6815:2be9
2606:4700::6812:bb1f
2a02:2498:1000:1::4
007faec4b1a9b169cf72d8e2ec360fd9ed8dbb444bce778cb3a6face0b8dac6e
0354d3edb118d8e814cea02f9b8d408dee73227b4a3ae995c9e94be0d9f832f2
0c8de4b7c4a76054939f5658c7537b75fcf88a7132707a36ecc8cc0ff4fb044e
130358808fa68df01f3bb22a0b5b3599e606b26a7f10c38bf6a9b859497abdfe
1a2804040f322d4e2acd14c19dced89c285a6f3ab2a387f91998f890e9831deb
30e5c23754d3e4f6cf17e86d5110bb32aab93bc78f3e0acd008f3f92f236bd27
46b2b340d95cd9ef2073d2015dda5b2bd27f99ab827f269b5047be8845710018
769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc
95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618
991627e0cf3d63f1663f8948134be9211e259008bcaf61889a08f1f3b9af50d2
ac0fd9fd5d8adb02311cfa434c031263a10870a1c5de3ea20d3f5661554b03de
c20905ac00aa8dce4576e0258768e02b9087e1628226473e1e3969443bb077bb
c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460
e23834ca80283d20f7f71954358f3cb49b4365c2c35dcfebe4e32de2772be0c3
f15ea2e161438cf0b7dd50cc2ece3d018f05e8e5a8c146344e944a0b970fb3b9
f4f2ea8a9fae0fe006897e4d5907c3677086ab3d476e308e2a6a43f43ca8ffaf

ciaim-neirocoins.net Open in urlscan Pro 2606:4700:3035::6815:2be9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

85 %HTTPS

43 %IPv6

6 Domains

6 Subdomains

8 IPs

3 Countries

6936 kBTransfer

11303 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

0 Cookies

Indicators

ciaim-neirocoins.net Open in urlscan Pro
2606:4700:3035::6815:2be9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

85 %
HTTPS

43 %
IPv6

6
Domains

6
Subdomains

8
IPs

3
Countries

6936 kB
Transfer

11303 kB
Size

0
Cookies

13 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!