crypto-farmer.com
52.29.96.42
Malicious Activity!
Public Scan
Effective URL: http://crypto-farmer.com/c/3f1b96fdf6dfaace?s1=444_web_deu_m500_BC&s2=creative1
Submission: On June 22 via manual from FR
Summary
This is the only time crypto-farmer.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Lion's Den Scam (Online)
Domain & IP information
Requests | IP address | AS (autonomous system)
---|---|---
1 | 116.203.118.191 | 24940 (HETZNER-AS)
1 | 52.29.96.42 | 16509 (AMAZON-02)
13 | 2.16.107.112 | 20940 (AKAMAI-ASN1)
5 | 18.185.217.16 | 16509 (AMAZON-02)
1 | 151.139.128.8 | 20446 (HIGHWINDS3)
Total: 20 requests, 4 ASNs
Per-IP detail:
- 52.29.96.42: ASN16509 (AMAZON-02, US), PTR ec2-52-29-96-42.eu-central-1.compute.amazonaws.com, serves crypto-farmer.com
- 2.16.107.112: ASN20940 (AKAMAI-ASN1, EU), PTR a2-16-107-112.deploy.static.akamaitechnologies.com, serves cdn-atn.akamaized.net
- 18.185.217.16: ASN16509 (AMAZON-02, US), PTR ec2-18-185-217-16.eu-central-1.compute.amazonaws.com, serves uf.noclef.com
Requests | Apex domain | Subdomains | Transfer
---|---|---|---
13 | akamaized.net | cdn-atn.akamaized.net | 354 KB
5 | noclef.com | uf.noclef.com | 5 KB
1 | fontawesome.com | pro.fontawesome.com | 149 KB
1 | crypto-farmer.com | crypto-farmer.com | 25 KB
1 | travelermaster.eu | news.travelermaster.eu (1 redirect) | 255 B
Total: 20 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
13 | cdn-atn.akamaized.net | crypto-farmer.com
5 | uf.noclef.com | crypto-farmer.com, uf.noclef.com
1 | pro.fontawesome.com | cdn-atn.akamaized.net
1 | crypto-farmer.com | (primary page)
1 | news.travelermaster.eu | 1 redirect
Total: 20 requests, 5 domains
This site contains no links.
Certificates
Subject | Issuer | Validity | Valid for
---|---|---|---
a248.e.akamai.net | DigiCert Secure Site ECC CA-1 | 2019-08-13 to 2020-08-12 | a year
uf.noclef.com | Amazon | 2020-01-16 to 2021-02-16 | a year
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 to 2020-12-23 | a year
No certificate is recorded for crypto-farmer.com itself: the effective URL is plain http://, so the landing page was not served over TLS.
This page contains 3 frames:
Primary Page:
http://crypto-farmer.com/c/3f1b96fdf6dfaace?s1=444_web_deu_m500_BC&s2=creative1
Frame ID: D3C2FD0DCCCED0FC6C5A96C2A00938EC
Requests: 18 HTTP requests in this frame
Frame:
https://uf.noclef.com/c_js/rtSlot/init?event=externalJumpVisit
Frame ID: F5DFC6DCEBA080B74961ED2C3DED4144
Requests: 1 HTTP requests in this frame
Frame:
https://uf.noclef.com/c_js/rtSlot/init?event=externalJumpVisit10sec
Frame ID: 5C42E733139304BF5ADC44CB4311C1EF
Requests: 1 HTTP requests in this frame
Page URL History
- https://news.travelermaster.eu/T2?95mt2PeSVeAf9l8ew8R30V3ctQ8t2PfQFp3FfwVL-999 (HTTP 302)
- http://crypto-farmer.com/c/3f1b96fdf6dfaace?s1=444_web_deu_m500_BC&s2=creative1 (Page URL)
Detected technologies
- Nginx (Web Servers), detected from the `server` response header; pattern: /nginx(?:\/([\d.]+))?/i
- jQuery (JavaScript Libraries), detected from a script URL; pattern: /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There was one HTTP redirect chain, on the primary request: news.travelermaster.eu answered 302 and sent the browser to crypto-farmer.com, as listed under Page URL History.
20 HTTP transactions
# | Method | Protocol | Resource | Host / path | Size | x-fer | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | 3f1b96fdf6dfaace | crypto-farmer.com/c/ | 24 KB | 25 KB | Document | text/html | Primary request; redirect chain; cookie set
2 | GET | H/1.1 | all.css | cdn-atn.akamaized.net/landings/190166/1588840459/css/ | 72 KB | 12 KB | Stylesheet | text/css |
3 | GET | H/1.1 | styles.main.css | cdn-atn.akamaized.net/landings/190166/1588840459/css/ | 13 KB | 3 KB | Stylesheet | text/css |
4 | GET | H/1.1 | fontawesome-all.css | cdn-atn.akamaized.net/landings/190166/1588840459/css/ | 41 KB | 8 KB | Stylesheet | text/css |
5 | GET | H/1.1 | jquery.min.js | cdn-atn.akamaized.net/landings/190166/1588840459/js/ | 95 KB | 33 KB | Script | text/javascript |
6 | GET | H/1.1 | common.js | cdn-atn.akamaized.net/landings/190166/1588840459/js/ | 529 B | 915 B | Script | text/javascript |
7 | GET | H/1.1 | 2018-03-28_12.06.25.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 160 KB | 160 KB | Image | image/jpeg |
8 | GET | H2 | main.js | uf.noclef.com/c_js/ | 8 KB | 3 KB | Script | text/html |
9 | GET | H/1.1 | 2018-03-28_12.06.48.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 62 KB | 62 KB | Image | image/jpeg |
10 | GET | H/1.1 | klaus.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 61 KB | 61 KB | Image | image/jpeg |
11 | GET | H/1.1 | prof1.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 2 KB | 3 KB | Image | image/jpeg |
12 | GET | H/1.1 | prof2.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 3 KB | 3 KB | Image | image/jpeg |
13 | GET | H/1.1 | prof3.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 2 KB | 2 KB | Image | image/jpeg |
14 | GET | H/1.1 | prof4.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 2 KB | 3 KB | Image | image/jpeg |
15 | GET | H/1.1 | prof5.jpg | cdn-atn.akamaized.net/landings/190166/1588840459/images/ | 2 KB | 2 KB | Image | image/jpeg |
16 | GET | H2 | fa-regular-400.woff2 | pro.fontawesome.com/releases/v5.10.0/webfonts/ | 149 KB | 149 KB | Font | font/woff2 |
17 | GET | H2 | webpush.js | uf.noclef.com/c_js/ | 112 B | 427 B | Script | text/html |
18 | GET | H2 | custom_jump.js | uf.noclef.com/c_js/ | 3 KB | 1 KB | Script | text/html |
19 | GET | H2 | init | uf.noclef.com/c_js/rtSlot/ | 0 | 0 | Document | text/html | Frame F5DF
20 | GET | H2 | init | uf.noclef.com/c_js/rtSlot/ | 0 | 0 | Document | text/html | Frame 5C42
Two points from the table worth noting when reading it: the three scripts loaded from uf.noclef.com (main.js, webpush.js, custom_jump.js) are declared as text/html rather than a JavaScript MIME type, and the two rtSlot/init documents are the zero-byte responses that populate the two uf.noclef.com frames listed above.
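As an added example (not part of the urlscan.io result, and not code from any of the sites involved), the following Python script takes the 20 transactions above, transcribed by hand into a list and therefore constructed input, and pulls out what an analyst would record from such a scan: the hosts in the redirect chain, the s1/s2 campaign parameters on the landing URL, the third-party hosts the page loads code from, and resources whose declared Content-Type is wrong for how the browser used them. The EXPECTED_MIME table is my own assumption about acceptable types, not data urlscan provides.

```python
"""Triage of the HTTP transactions recorded in a urlscan.io result.

Added example; not part of the urlscan.io page and not code from the
scanned sites. TRANSACTIONS is transcribed from the table above, so it
is constructed input and the script runs offline.
"""
from collections import Counter
from urllib.parse import parse_qs, urlsplit

PRIMARY_URL = ("http://crypto-farmer.com/c/3f1b96fdf6dfaace"
               "?s1=444_web_deu_m500_BC&s2=creative1")

# URLs visited in order, as listed under "Page URL History"
REDIRECT_CHAIN = [
    "https://news.travelermaster.eu/T2?95mt2PeSVeAf9l8ew8R30V3ctQ8t2PfQFp3FfwVL-999",
    PRIMARY_URL,
]

AK = "cdn-atn.akamaized.net"
AKP = "/landings/190166/1588840459"
NC = "uf.noclef.com"

# (host, path, resource type, declared Content-Type), one entry per transaction
TRANSACTIONS = [
    ("crypto-farmer.com", "/c/3f1b96fdf6dfaace", "Document", "text/html"),
    (AK, AKP + "/css/all.css", "Stylesheet", "text/css"),
    (AK, AKP + "/css/styles.main.css", "Stylesheet", "text/css"),
    (AK, AKP + "/css/fontawesome-all.css", "Stylesheet", "text/css"),
    (AK, AKP + "/js/jquery.min.js", "Script", "text/javascript"),
    (AK, AKP + "/js/common.js", "Script", "text/javascript"),
    (AK, AKP + "/images/2018-03-28_12.06.25.jpg", "Image", "image/jpeg"),
    (NC, "/c_js/main.js", "Script", "text/html"),
    (AK, AKP + "/images/2018-03-28_12.06.48.jpg", "Image", "image/jpeg"),
    (AK, AKP + "/images/klaus.jpg", "Image", "image/jpeg"),
    (AK, AKP + "/images/prof1.jpg", "Image", "image/jpeg"),
    (AK, AKP + "/images/prof2.jpg", "Image", "image/jpeg"),
    (AK, AKP + "/images/prof3.jpg", "Image", "image/jpeg"),
    (AK, AKP + "/images/prof4.jpg", "Image", "image/jpeg"),
    (AK, AKP + "/images/prof5.jpg", "Image", "image/jpeg"),
    ("pro.fontawesome.com", "/releases/v5.10.0/webfonts/fa-regular-400.woff2", "Font", "font/woff2"),
    (NC, "/c_js/webpush.js", "Script", "text/html"),
    (NC, "/c_js/custom_jump.js", "Script", "text/html"),
    (NC, "/c_js/rtSlot/init", "Document", "text/html"),
    (NC, "/c_js/rtSlot/init", "Document", "text/html"),
]

# Assumed set of Content-Types that are legitimate for each way the browser
# used a resource. Only the resource types present in this scan are covered.
EXPECTED_MIME = {
    "Document": {"text/html"},
    "Stylesheet": {"text/css"},
    "Script": {"text/javascript", "application/javascript", "application/x-javascript"},
    "Image": {"image/jpeg", "image/png", "image/gif", "image/webp", "image/svg+xml"},
    "Font": {"font/woff2", "font/woff", "application/font-woff2"},
}


def tracking_params(url):
    """Query parameters of the landing URL (here the s1/s2 campaign tags)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def hosts_in_chain(chain):
    """Hostnames visited, in order, before the browser settled on the final URL."""
    return [urlsplit(u).hostname for u in chain]


def third_party_hosts(primary_url, transactions):
    """Hosts other than the landing page's own, with their request counts."""
    own = urlsplit(primary_url).hostname
    return Counter(host for host, _path, _kind, _mime in transactions if host != own)


def mime_mismatches(transactions):
    """Resources whose declared Content-Type is not valid for how they were used."""
    return [(h, p, k, m) for h, p, k, m in transactions if m not in EXPECTED_MIME[k]]


def triage(primary_url, chain, transactions):
    """Assemble the findings an analyst would note from this scan."""
    return {
        "redirect_hosts": hosts_in_chain(chain),
        "tracking": tracking_params(primary_url),
        "third_party": third_party_hosts(primary_url, transactions),
        "mime_mismatches": mime_mismatches(transactions),
    }


if __name__ == "__main__":
    report = triage(PRIMARY_URL, REDIRECT_CHAIN, TRANSACTIONS)
    print("redirect chain :", " -> ".join(report["redirect_hosts"]))
    print("campaign tags  :", report["tracking"])
    for host, n in report["third_party"].most_common():
        print(f"third party    : {host} ({n} requests)")
    for host, path, kind, mime in report["mime_mismatches"]:
        print(f"MIME mismatch  : {kind} {host}{path} served as {mime}")
```

Run against the transcribed data it reports the two-hop chain, the two campaign tags, three third-party hosts (13, 5 and 1 requests) and the three uf.noclef.com scripts served as text/html; feeding it the transaction list of any other scan is a matter of replacing the constants at the top.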
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against Lion's Den Scam (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onformdata (object)
- onpointerrawupdate (object)
- $ (function)
- jQuery (function)
- onRecaptchaLoadCallback (function)
- ufApp (object)
4 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
crypto-farmer.com/ | | scriptHash | 525046
uf.noclef.com/ | | visitor_id | 5ef05ef5c201ae002d52bd9d
crypto-farmer.com/ | | unique_id | 5ef05ef58571f625627186
crypto-farmer.com/ | | unique_2963796 | unique_2963796
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn-atn.akamaized.net
crypto-farmer.com
news.travelermaster.eu
pro.fontawesome.com
uf.noclef.com
116.203.118.191
151.139.128.8
18.185.217.16
2.16.107.112
52.29.96.42