gift.nccw.xyz
Open in
urlscan Pro
2a02:4780:3:725:0:1d9e:33b5:2
Public Scan
URL:
https://gift.nccw.xyz/campaign/jdBlqbLLfckkvGjsasfSfbc741d.php?fbclid=IwAR1JwIU5ozypFIXc4goaPEY_UWb90pGiiyLGu9uyjMA9kw...
Submission: On April 16 via manual from TH — Scanned from SG
Submission: On April 16 via manual from TH — Scanned from SG
Summary
This website contacted 7 IPs
in 4 countries
across 7 domains to perform 11 HTTP transactions.
The main IP is 2a02:4780:3:725:0:1d9e:33b5:2, located in
Singapore and
belongs to AS-HOSTINGER, CY.
The main domain is gift.nccw.xyz.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 16th 2023. Valid for: 3 months.
This is the only time gift.nccw.xyz was scanned on urlscan.io!
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on April 16th 2023. Valid for: 3 months.
This is the only time gift.nccw.xyz was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 2a02:4780:3:7... 2a02:4780:3:725:0:1d9e:33b5:2 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:2b | 20446 (STACKPATH...) (STACKPATH-CDN) | |
| 2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2404:6800:400... 2404:6800:4003:c03::5f | 15169 (GOOGLE) (GOOGLE) | |
| 3 | 162.159.152.11 162.159.152.11 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a02:4780:3:6... 2a02:4780:3:697:0:6c6:d74a:10 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
| 11 | 7 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 3 |
truemoney.com
gift.truemoney.com |
28 KB |
| 2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 206 |
62 KB |
| 2 |
nccw.xyz
gift.nccw.xyz |
4 KB |
| 1 |
dccr.xyz
dccr.xyz |
131 KB |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 39 |
851 B |
| 1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 818 |
7 KB |
| 1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 707 |
30 KB |
| 11 | 7 |
| Domain | Requested by | |
|---|---|---|
| 3 | gift.truemoney.com |
gift.nccw.xyz
|
| 2 | cdnjs.cloudflare.com |
gift.nccw.xyz
|
| 2 | gift.nccw.xyz |
gift.nccw.xyz
|
| 1 | dccr.xyz |
gift.nccw.xyz
|
| 1 | fonts.googleapis.com |
gift.nccw.xyz
|
| 1 | maxcdn.bootstrapcdn.com |
gift.nccw.xyz
|
| 1 | code.jquery.com |
gift.nccw.xyz
|
| 11 | 7 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| d.truemoney.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| gift.nccw.xyz ZeroSSL RSA Domain Secure Site CA |
2023-04-16 - 2023-07-15 |
3 months | crt.sh |
| *.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-03-28 - 2023-06-20 |
3 months | crt.sh |
| truemoney.com Sectigo RSA Domain Validation Secure Server CA |
2022-05-05 - 2023-06-04 |
a year | crt.sh |
| dccr.xyz ZeroSSL RSA Domain Secure Site CA |
2023-02-09 - 2023-05-10 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://gift.nccw.xyz/campaign/jdBlqbLLfckkvGjsasfSfbc741d.php?fbclid=IwAR1JwIU5ozypFIXc4goaPEY_UWb90pGiiyLGu9uyjMA9kwLtQKtTTtp90w4
Frame ID: FEC984DCBA5FD01E620B29237063E393
Requests: 11 HTTP requests in this frame
Screenshot
Page Title
ของขวัญสำหรับคุณDetected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
Bootstrap
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Materialize CSS
(Web Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href="[^"]*materialize(?:\.min)?\.css
- materialize(?:\.min)?\.js
React
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <[^>]+data-react
Font Awesome
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Font API
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
URL: https://d.truemoney.com/giftenvelopeinstall#/consumer?url=https%3A//gift.truemoney.com/campaign/%3Fv%3DjdBlqbLLfckkvGjehi%26fbclid%3DIwAR0708OSig8K0W0aUUvENZ8-0HpMKKaqkpjig5SVDOJ3YkbZ1KBkzZm6s9U%23/
Title: สมัครสมาชิก ได้ที่นี่
Title: สมัครสมาชิก ได้ที่นี่
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
jdBlqbLLfckkvGjsasfSfbc741d.php
gift.nccw.xyz/campaign/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.2.1.min.js
code.jquery.com/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
materialize.min.css
cdnjs.cloudflare.com/ajax/libs/materialize/0.100.2/css/ |
138 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
materialize.min.js
cdnjs.cloudflare.com/ajax/libs/materialize/0.100.2/js/ |
162 KB 44 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
1 KB 851 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.b3e4cadf.css
gift.truemoney.com/campaign/static/css/ |
20 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tmn_entry_logo.b3c84e75.png
gift.truemoney.com/campaign/static/media/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
gift_small.be16b489.png
gift.truemoney.com/campaign/static/media/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
l_2018-12-20_01.48.51.jpg
dccr.xyz/Images/ |
130 KB 131 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.0ff0e6bb.js
gift.nccw.xyz/campaign/static/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery function| _classCallCheck function| _createClass function| getTime function| Vel function| Hammer object| Materialize object| Waves function| playSound function| validate_field2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .truemoney.com/ | Name: __cf_bm Value: L0DZ4vdJOZlS_e6RLZQ86g05G0kB2kXMsWprAg3PzN8-1681658723-0-AYHd6qCOXC/lm37kZgnR0uJa25/w7Zftr5o6663LSUz3Vf8c9u/UhZj4UIPmyT/BVf1270rHrzLUTNvYXI7zU9Q= |
|
| .truemoney.com/ | Name: __cfruid Value: d2b511d36524ef1fb2dbce0ee6020804e993964f-1681658723 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
dccr.xyz
fonts.googleapis.com
gift.nccw.xyz
gift.truemoney.com
maxcdn.bootstrapcdn.com
162.159.152.11
2001:4de0:ac18::1:a:2b
2404:6800:4003:c03::5f
2606:4700::6811:180e
2606:4700::6812:bcf
2a02:4780:3:697:0:6c6:d74a:10
2a02:4780:3:725:0:1d9e:33b5:2
00aa723de6d8d403446e4c109fa88a8e376d5ec3c3f39940cefbe64a29427331
510226066d5197df184c0497d3702dc142eb020c001d36ae289cc0a65bb8981d
60df410aa7ffbc6f8889cb050bf42e3e8959e6897a3b47208b34b07d972650cc
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7b6d8140a085edb6ff87fe0c149d5ae254d14763ae01ef07c5aff7b605394dac
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8aee949eb9b5ae5b725592fe53802c2eb6bccb0699a5a576f193476d8b208ce7
b96b525d112bc07f647494c8af5b307c71499ff77f590eacef68042ce1d74063
ea68b0702dd2b7f3bb97bf4442f51aa9cf102389c6fc635d1173c810fc62d3ed
fc949df45c43b6796b84d38a73152f6a26967d0ac4329d82653a8d4ac8bf1618