getbtc9.live
Open in
urlscan Pro
2606:4700:3036::ac43:c783
Malicious Activity!
Public Scan
Effective URL: https://getbtc9.live/index.html
Submission: On May 17 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 13th 2021. Valid for: a year.
This is the only time getbtc9.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 19 | 2606:4700:303... 2606:4700:3036::ac43:c783 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 104.21.39.116 104.21.39.116 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
22 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
getbtc9.live
1 redirects
getbtc9.live |
480 KB |
4 |
hitsteps.net
log.hitsteps.net |
12 KB |
22 | 2 |
Domain | Requested by | |
---|---|---|
19 | getbtc9.live |
1 redirects
getbtc9.live
|
4 | log.hitsteps.net |
getbtc9.live
log.hitsteps.net |
22 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
medium.com |
www6.waybackmachinedownloader.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-05-13 - 2022-05-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://getbtc9.live/index.html
Frame ID: 4B0EAFB2B7F81BBD58176079ABFF63E5
Requests: 25 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://getbtc9.live/index.html
HTTP 301
https://getbtc9.live/index.html Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
Title: Homepage
Search URL Search Domain Scan URL
Title: Become a member
Search URL Search Domain Scan URL
Title: Sign in
Search URL Search Domain Scan URL
Title: Get started
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Digital Asset Investor
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Learn more
Search URL Search Domain Scan URL
Title: https://www6.waybackmachinedownloader.com/website-downloader-online/scrape-all-files/
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://getbtc9.live/index.html
HTTP 301
https://getbtc9.live/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.html
getbtc9.live/ Redirect Chain
|
648 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
track.php
log.hitsteps.net/ |
40 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
getbtc9.live/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m2.css
getbtc9.live/bejxdgc/ndhpx23f1/ |
63 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main-branding-base.css
getbtc9.live/bejxdgc/h7hpx23gv/ |
510 KB 57 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
3ncxqbh-_400x400.jpg
getbtc9.live/profile_images/1363228426094538754/ |
12 KB 12 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
1_8vdww33n-eu85f0nftbp5g.jpg
getbtc9.live/max/800/ |
123 KB 123 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
1_tiws8qk_-h0ancevdfglsg.png
getbtc9.live/max/240/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
1_mdjwwvtftd7lmbr1pzvz0a.jpg
getbtc9.live/max/240/ |
15 KB 16 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
avq2oap-_normal.jpg
getbtc9.live/profile_images/1006221503548059657/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
a3a234d295e0a5824b856d5ddf228d0c_bigger.jpg
getbtc9.live/profile_images/2924807632/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
avatar-bitcoin.jpg
getbtc9.live/wp-content/uploads/2019/05/ |
38 KB 38 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
ptlu6wrd_400x400.jpg
getbtc9.live/profile_images/1076901702102597632/ |
46 KB 46 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
vitkwbd2_400x400.jpg
getbtc9.live/profile_images/817962897011867651/ |
18 KB 19 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
cdf6b1bd1203bb5ee824f0744edecb4a47ed19f8.jpg
getbtc9.live/osl5k/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
0a084b8fce0ae610c4c69c4fd5a6c7c000c4a690.jpg
getbtc9.live/osl5k/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
fell-400-normal.woff
getbtc9.live/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ |
24 KB 25 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
15 KB 15 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
charter-700-normal.woff
getbtc9.live/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ |
15 KB 16 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
marat-sans-600-normal.woff
getbtc9.live/font/6f4b679/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ |
21 KB 22 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
gather.php
log.hitsteps.net/ |
53 B 798 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
png.php
log.hitsteps.net/ |
294 B 798 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
png.php
log.hitsteps.net/ |
294 B 474 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Crypto (Crypto Exchange)101 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| _hs_getqs function| _hs_setData function| _hs_getData string| ipname_temp string| _hs_uniqueid_temp number| _hs_gdpr_diag function| _hs_checkGDPR string| _hs_bat object| _hs_sysbat string| _hs_adplug string| _hs_a_uid number| _hs_navigator_touchpoints function| _hs_readAdplugin function| _hs_readBattery function| _HSTracker number| _HS_jquery_injected number| HSTracked number| ChatDiv undefined| _HS_body undefined| _HS_html undefined| _HS_dhh undefined| hstc undefined| hstcs undefined| htssc function| _hs_getParmFromHash function| getScript object| hsutube number| hsytindex object| hsutbarr object| hsplayerArray object| hitsteps number| hs_idleTime number| hs_idle number| hs_idles number| hs_timed function| _hsni_addListener function| _hsni_get_href function| _hsni_get_parent function| _hsni_get_target function| _hsni_trackAlinks function| _hsni_noIdle function| _hsni_Idle function| _hsni_mnoIdle function| hs_CheckInactivity function| onYouTubePlayerReady function| onYouTubeIframeAPIReady function| _hs_elementor_video_overlay function| _hs_hash_changed number| aid number| sid string| _hs_api_code_public string| hs_lang number| hs_enable_form number| _hs_noyoutubeapi number| _hs_heatmap_allowed number| _hs_pre_compliance string| _hs_gdpr_compliance_txt string| _hs_gdpr_btn_yes string| _hs_gdpr_btn_no function| _hs_a_giveMeRandom function| _hs_a_readCookie function| _hs_a_writeCookie function| _hs_a_setVal function| _hs_a_getVal function| _hs_bt_toTime object| prm number| nochat number| _hs_youtubeapiloaded number| hs_pingcount number| _hs_gdpr object| img string| hs_rev string| hs_goal string| mysearch string| MySearch string| tag string| Tag string| label string| IPname string| ipname string| _hs_uniqueid string| _hs_integrity string| _hs_last_full_url string| uaddress string| utitle string| uref string| new_url object| battery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
getbtc9.live/ | Name: _HS_temp_id Value: ipmxn41g01i |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
getbtc9.live
log.hitsteps.net
104.21.39.116
2606:4700:3036::ac43:c783
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
10600268cfe610a20fd1108895c4c7f5439cfb98ec6fe2a29ce5c29b61c90919
198f7f8d32f771479af26f52469b8dd04dc50cd187aceb661dd3beeffaa2aebc
283d4af2cb0edae38f85facb207efaff6e6e2f10133d8a665ec1bebde016e087
31ce12605ac90c6218f74f3f8365f923d69269345b0cb46e32b4feb868143428
55d27bc022e15405d265e47606de521b651c850f277a949468158bdff378ba30
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
7f516a34ba1bd1a50c6040864b8bcc7295146313f009a7285db4e5410cfd92e4
8c16cea95eec6f9f7932b7571e6ee2f375f89cd5bdcc955b05a7c09619c8c0aa
8ed4d5864bd422a465a7a7cb8270d1cfbd7d7bb28b47a70da3b10e45562bf9c0
92cedc4a98d0d2f737f76314549dbcd3af502daaab543e55871793479bf2cb75
99a9df080944a29084bf6f88ccc49b1f3a0cee1aed655c640ca433871a6af398
a214e8a9da8a7b9eeab2eaf27bd569cfdf5bf41fc7d3cbf09c93b20238ceaa87
a26ab077cbe73ea407404374775976b0e801a5ed1722b9b4a317bbaf73216b80
bf82b5b7148bf7f3ae01c94d29508087c09fa250768f4e54f015e6b02816487f
c44bba574e218abde115922794b177d41751534afac91d1d3a63110f00505231
ca355c76014d5056d93df60fd684408d3af122e4b5837788d1dcca67e2118cae
d1de21730854ea4db035a81914cb0bd57aa74d715af6f89b46a2d002917ca1ed
d49ad658882c229c919c87520a6a033862584cac37d1f45365050e53ddfe0b5b
deb23a009d3fbe9cb5223bcc8448898e9d1d7bc43ac28df8fb27b6173a15b873
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
f1b6073a69bbc361a2661c209d32187c6abb18e9eb058c9a60ca8b23cd78dde5
f449db6051701c42b20cb571f05697e59c8e895c481530e26fb9d2b5ff47cd64
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1