![](/screenshots/534e5a61-fe1e-4ae7-b8fc-730aa1056afd.png)
gemini.geminigifts02.repl.co
35.186.245.55
Malicious Activity!
Public Scan
Effective URL: https://gemini.geminigifts02.repl.co/btc.html
Submission: On September 21 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 30th 2021. Valid for: 3 months.
This is the only time gemini.geminigifts02.repl.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Crypto (Crypto Exchange)
Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 3 (1 redirect) | 35.186.245.55 | 15169 (GOOGLE) |
| 1 | 69.16.175.10 | 33438 (HIGHWINDS2) |
| 5 | 192.0.77.40 | 2635 (AUTOMATTIC) |
| 6 | 104.18.4.127 | 13335 (CLOUDFLARENET) |
| 1 | 145.239.131.60 | 16276 (OVH) |
| 1 | 142.250.181.238 | 15169 (GOOGLE) |
| 1 | 151.101.12.193 | 54113 (FASTLY) |
| 1 | 104.18.28.120 | 13335 (CLOUDFLARENET) |

Totals: 19 requests, 9 IPs.

IP details:
- 35.186.245.55: ASN15169 (GOOGLE, US), PTR 55.245.186.35.bc.googleusercontent.com, serves gemini.geminigifts02.repl.co
- 142.250.181.238: ASN15169 (GOOGLE, US), PTR fra16s56-in-f14.1e100.net, serves chart.apis.google.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | coingecko.com | widgets.coingecko.com, api.coingecko.com, assets.coingecko.com | 98 KB |
| 5 | tumblr.com | static.tumblr.com | 412 KB |
| 3 (1 redirect) | repl.co | gemini.geminigifts02.repl.co | 81 KB |
| 1 | imgur.com | i.imgur.com | 70 KB |
| 1 | google.com | chart.apis.google.com | 2 KB |
| 1 | ibb.co | i.ibb.co | 3 KB |
| 1 | jquery.com | code.jquery.com | 24 KB |
| 0 | twimg.com (failed) | pbs.twimg.com (failed) | |

Totals: 19 requests, 8 apex domains.
| Requests | Domain | Requested by |
|---|---|---|
| 5 | assets.coingecko.com | gemini.geminigifts02.repl.co |
| 5 | static.tumblr.com | gemini.geminigifts02.repl.co |
| 3 (1 redirect) | gemini.geminigifts02.repl.co | gemini.geminigifts02.repl.co |
| 1 | api.coingecko.com | widgets.coingecko.com |
| 1 | i.imgur.com | gemini.geminigifts02.repl.co |
| 1 | chart.apis.google.com | gemini.geminigifts02.repl.co |
| 1 | i.ibb.co | gemini.geminigifts02.repl.co |
| 1 | widgets.coingecko.com | gemini.geminigifts02.repl.co |
| 1 | code.jquery.com | gemini.geminigifts02.repl.co |
| 0 | pbs.twimg.com (failed) | gemini.geminigifts02.repl.co |

Totals: 19 requests, 10 domains.
This site contains no links.
TLS certificates

| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| geminigifts02.repl.co | R3 | 2021-08-30 - 2021-11-28 | 3 months | crt.sh |
| *.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year | crt.sh |
| tumblr.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-09 - 2022-04-14 | 2 years | crt.sh |
| coingecko.com | Cloudflare Inc ECC CA-3 | 2021-08-20 - 2022-08-19 | a year | crt.sh |
| ibb.co | R3 | 2021-08-06 - 2021-11-04 | 3 months | crt.sh |
| *.apis.google.com | GTS CA 1C3 | 2021-08-30 - 2021-11-22 | 3 months | crt.sh |
| *.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years | crt.sh |
| api.coingecko.com | Cloudflare Inc ECC CA-3 | 2021-08-03 - 2022-08-02 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://gemini.geminigifts02.repl.co/btc.html
Frame ID: 21BB77CBBFC3839B1D649B3CBA805468
Requests: 18 HTTP requests in this frame
Frame:
https://gemini.geminigifts02.repl.co/comms.html
Frame ID: 8FB3F951A18CF7EB0DDDEC7BC573A824
Requests: 1 HTTP request in this frame
Screenshot
Page Title
3407 BTC left
Detected technologies
- Bootstrap. Detected pattern:
  - `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
- clipboard.js. Detected pattern:
  - `clipboard(?:-([\d.]+))?(?:\.min)?\.js`
- jQuery. Detected patterns:
  - `jquery[.-]([\d.]*\d)[^/]*\.js`
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://gemini.geminigifts02.repl.co/btc.html
- HTTP 308 redirect to https://gemini.geminigifts02.repl.co/btc.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | btc.html (Primary Request, redirect chain) | gemini.geminigifts02.repl.co/ | 77 KB | 77 KB | Document | text/html |
| GET | H2 | jquery-3.4.1.slim.min.js | code.jquery.com/ | 69 KB | 24 KB | Script | application/javascript |
| GET | H2 | http__get-mcafee.market_b_index_files_clipboard.js | static.tumblr.com/do7iv2w/swtpwjat5/ | 8 KB | 8 KB | Script | application/x-javascript |
| GET | H2 | http__get-mcafee.market_b_index_files_bootstrap.js | static.tumblr.com/do7iv2w/Rddpwjavf/ | 36 KB | 36 KB | Script | application/x-javascript |
| GET | H2 | big.css | static.tumblr.com/do7iv2w/DDOpwjb9q/ | 14 KB | 14 KB | Stylesheet | text/css |
| GET | H2 | comments.css | static.tumblr.com/n2nup4r/du2pswb6c/ | 151 KB | 151 KB | Stylesheet | text/css |
| GET | H2 | u.css | static.tumblr.com/n2nup4r/R1Gpswbma/ | 203 KB | 203 KB | Stylesheet | text/css |
| GET | H2 | coingecko-coin-price-marquee-widget.js | widgets.coingecko.com/ | 209 KB | 63 KB | Script | application/javascript |
| GET | H2 | 055.png | i.ibb.co/Z6YJvKQ/ | 2 KB | 3 KB | Image | image/png |
| GET | H2 | chart | chart.apis.google.com/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | 351kRoj.gif | i.imgur.com/ | 69 KB | 70 KB | Image | image/gif |
| GET | H2 | markets | api.coingecko.com/api/v3/coins/ | 4 KB | 2 KB | Fetch | application/json |
| GET | | MM9DHPWC_400x400.jpg (failed) | pbs.twimg.com/profile_images/1383184766959120385/ | 0 | 0 | | |
| GET | H2 | comms.html (Frame 8FB3) | gemini.geminigifts02.repl.co/ | 4 KB | 4 KB | Document | text/html |
| GET | H2 | bitcoin.png | assets.coingecko.com/coins/images/1/large/ | 6 KB | 7 KB | Image | image/webp |
| GET | H2 | ethereum.png | assets.coingecko.com/coins/images/279/large/ | 7 KB | 7 KB | Image | image/webp |
| GET | H2 | eos-eos-logo.png | assets.coingecko.com/coins/images/738/large/ | 9 KB | 10 KB | Image | image/webp |
| GET | H2 | xrp-symbol-white-128.png | assets.coingecko.com/coins/images/44/large/ | 5 KB | 6 KB | Image | image/webp |
| GET | H2 | litecoin.png | assets.coingecko.com/coins/images/2/large/ | 4 KB | 4 KB | Image | image/webp |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: pbs.twimg.com
- URL: https://pbs.twimg.com/profile_images/1383184766959120385/MM9DHPWC_400x400.jpg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Crypto (Crypto Exchange)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | 0 |
| object | onbeforexrselect |
| boolean | originAgentCluster |
| function | $ |
| function | jQuery |
| string | ADDRESS |
| object | __core-js_shared__ |
| object | core |
| function | wait |
| function | random |
| function | uuidv4 |
| function | bet |
| function | removeArr |
| function | addLink |
| function | sub |
| function | newtr |
| function | insertAfter |
| function | updateTrans |
| object | times |
| function | setProgress |
| number | ctd |
| object | clipboard |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=5893758; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.