www.craftgiveaway.com Open in urlscan Pro
129.121.16.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.craftgiveaway.com/d/b99/front/
Submission: On September 20 via manual (September 20th 2022, 1:15:31 pm UTC) from BE — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 15 HTTP transactions. The main IP is 129.121.16.231, located in United States and belongs to ASMALLORANGE1, US. The main domain is www.craftgiveaway.com.

This is the only time www.craftgiveaway.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: bank99 (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 6	129.121.16.231 129.121.16.231	62729 (ASMALLORA...) (ASMALLORANGE1)
1 2	2606:4700:20:... 2606:4700:20::ac43:4ad5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1634	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6ea0:cb0... 2a02:6ea0:cb00::2	60068 (CDN77 ^_^) (CDN77 ^_^)
2	193.110.183.243 193.110.183.243	24656 (ARZ) (ARZ)
4	172.64.202.28 172.64.202.28	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	7

6 129.121.16.231 (United States) 1 redirects

ASN62729 (ASMALLORANGE1, US)
PTR: ip-129-121-16-231.local

www.craftgiveaway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4ad5 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:cb00::2 (United Kingdom)

ASN60068 (CDN77 ^_^, GB)

img.icons8.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.110.183.243 (Austria)

ASN24656 (ARZ, AT)
PTR: arz-193-110-183-243.arz.at

meine.bank99.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.202.28 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	craftgiveaway.com 1 redirects www.craftgiveaway.com	381 KB
5	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1512 ka-f.fontawesome.com — Cisco Umbrella Rank: 2852	34 KB
2	bank99.at meine.bank99.at	130 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 120565	97 KB
1	icons8.com img.icons8.com — Cisco Umbrella Rank: 31119	1021 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293	34 KB
15	6

	Domain	Requested by
6	www.craftgiveaway.com	1 redirects www.craftgiveaway.com
4	ka-f.fontawesome.com	kit.fontawesome.com
2	meine.bank99.at	www.craftgiveaway.com
2	cdn.tailwindcss.com	1 redirects www.craftgiveaway.com
1	img.icons8.com	www.craftgiveaway.com
1	kit.fontawesome.com	www.craftgiveaway.com
1	ajax.googleapis.com	www.craftgiveaway.com
15	7

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1C3	`2022-08-29` - `2022-11-21`	3 months	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
1004834818.rsc.cdn77.org R3	`2022-07-23` - `2022-10-21`	3 months	crt.sh
meine.bank99.at EuropeanSSL Server CA 2	`2022-01-12` - `2023-02-12`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-12` - `2023-08-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.craftgiveaway.com/d/b99/front/
Frame ID: 8143719B993781D1E7FC82498B3FD9A3
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

http://www.craftgiveaway.com/d/b99/front HTTP 301
http://www.craftgiveaway.com/d/b99/front/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

60 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

4
Countries

676 kB
Transfer

1073 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.craftgiveaway.com/d/b99/front HTTP 301
http://www.craftgiveaway.com/d/b99/front/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.1.8

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.craftgiveaway.com/d/b99/front/
Redirect Chain

http://www.craftgiveaway.com/d/b99/front
http://www.craftgiveaway.com/d/b99/front/

11 KB
4 KB

149ms
149ms

Document
text/html

129.121.16.231
ASMALLORANGE1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.craftgiveaway.com/d/b99/front/
Protocol: HTTP/1.1
Server: 129.121.16.231 , United States, ASN62729 (ASMALLORANGE1, US),
Reverse DNS: ip-129-121-16-231.local
Software: Apache /
Resource Hash: 5d70b0bcaf5fd3e94c5c81613835cf648545e219735f23f4e249a4248e07667e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 3365
Content-Type: text/html
Date: Tue, 20 Sep 2022 13:15:24 GMT
Keep-Alive: timeout=15, max=767
Last-Modified: Mon, 12 Sep 2022 02:19:19 GMT
Server: Apache
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 249
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 20 Sep 2022 13:15:24 GMT
Keep-Alive: timeout=15, max=768
Location: http://www.craftgiveaway.com/d/b99/front/
Server: Apache

GET
H2

200

3.1.8 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.1.8

319 KB
97 KB

38ms
37ms

Script
text/javascript

2606:4700:20::ac43:4ad5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.1.8

Requested by

Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/

Protocol

Server

2606:4700:20::ac43:4ad5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d6e7e5263fa38ed2725e4be49d49fdca61aa60f92ffc1edbd0c3b47dc8c9e2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:15:24 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 05 Aug 2022 17:01:21 GMT
x-vercel-id: syd1::iad1::5cswb-1659718880314-e36b19295c12
age: 3960837
x-vercel-cache: MISS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=caQkxjo65rj7Vk6HCCqMXSKJpUBmwoBI%2FcZrpu5hkJIFRSM%2BvwpjgG1Vgu1fDEGFv7dS3YNghq6eseGBBTaisv6871p1QM68eOtb5qtcyO7gtKYsVWKfylluqPdJKMsHVMRw5j%2BZPQRcFt4pGcQl4%2Bs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=63072000
cf-ray: 74dad468bee8921d-FRA
server: cloudflare

Redirect headers

date: Tue, 20 Sep 2022 13:15:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-id: syd1::iad1::qt8s6-1663678937569-4fe9958c1212
age: 242
x-vercel-cache: MISS
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqamDmCKiPRAPQmdIvvI7Fh%2BEh7nq4oRa52cJMXI3xcG3jlJI7GcXTNT7SBShEKKJGCrZR7lVr6rjzJny96023hSj8%2BdV9ITT12%2B%2FPFOmsd3SEyKRbNjRCM1NRjWiGC9maWH48vvWQ8ONBTX9ouNEus%3D"}],"group":"cf-nel","max_age":604800}
location: /3.1.8
cache-control: max-age=14400
strict-transport-security: max-age=63072000
cf-ray: 74dad4688e9f921d-FRA
content-length: 0
server: cloudflare

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 84ms
24ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 12:13:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3691
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 20 Sep 2023 12:13:53 GMT

GET
H2 200 887a93ffa3.js Show response
kit.fontawesome.com/ 11 KB
4 KB 98ms
50ms Script
text/javascript 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/887a93ffa3.js

Requested by

Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ee384f718fabd25f5c632e57a1c2a44a5ff17b14393eaa50f39a6a32410fd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: http://www.craftgiveaway.com/
Origin: http://www.craftgiveaway.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:15:24 GMT
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
cf-ray: 74dad4687945693a-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FxaT5S5_zn7dm0hJD_YC

GET
H/1.1 200
OK style.css
www.craftgiveaway.com/d/b99/front/ 4 KB
1 KB 145ms
145ms Stylesheet
text/css 129.121.16.231
ASMALLORANGE1

General

Check archive.org

Show headers Download Go to

Full URL: http://www.craftgiveaway.com/d/b99/front/style.css
Requested by: Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/
Protocol: HTTP/1.1
Server: 129.121.16.231 , United States, ASN62729 (ASMALLORANGE1, US),
Reverse DNS: ip-129-121-16-231.local
Software: Apache /
Resource Hash: 35622e99a9a2b6b14de336a558b99b748d5e304ebbdb12cea2db206fe1db2ae5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/d/b99/front/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Tue, 20 Sep 2022 13:15:24 GMT
Content-Encoding: gzip
Last-Modified: Mon, 12 Sep 2022 02:19:19 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=766
Content-Length: 964

GET
H/1.1 200
OK logo.png
www.craftgiveaway.com/d/b99/front/assets/ 30 KB
30 KB 147ms
147ms Image
image/png 129.121.16.231
ASMALLORANGE1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.craftgiveaway.com/d/b99/front/assets/logo.png
Requested by: Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/
Protocol: HTTP/1.1
Server: 129.121.16.231 , United States, ASN62729 (ASMALLORANGE1, US),
Reverse DNS: ip-129-121-16-231.local
Software: Apache /
Resource Hash: 9a48abc1c0966ae27ea445a3af3f6602ffc5de898fcf007c1b32800cda33f787

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/d/b99/front/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Tue, 20 Sep 2022 13:15:25 GMT
Last-Modified: Mon, 12 Sep 2022 02:19:19 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=765
Content-Length: 30463

GET
H/1.1 200
OK chevron.svg
www.craftgiveaway.com/d/b99/front/assets/ 141 B
414 B 287ms
145ms Image
image/svg+xml 129.121.16.231
ASMALLORANGE1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.craftgiveaway.com/d/b99/front/assets/chevron.svg
Requested by: Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/
Protocol: HTTP/1.1
Server: 129.121.16.231 , United States, ASN62729 (ASMALLORANGE1, US),
Reverse DNS: ip-129-121-16-231.local
Software: Apache /
Resource Hash: 0de36e547f6703f8416190d4d94fee1f1c149e42f850150dfc787aca3f071095

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/d/b99/front/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Tue, 20 Sep 2022 13:15:25 GMT
Last-Modified: Mon, 12 Sep 2022 02:19:19 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Content-Type: image/svg+xml
Keep-Alive: timeout=15, max=768
Content-Length: 141

GET
H2 200 multiply.png
img.icons8.com/ios-filled/50/000000/ 398 B
1021 B 216ms
41ms Image
image/png 2a02:6ea0:cb00::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.icons8.com/ios-filled/50/000000/multiply.png

Requested by

Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6ea0:cb00::2 , United Kingdom, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

Software

CDN77-Turbo /

Resource Hash

0d14ef4e270ba8b5419f93c97f8abf14b27199528509416524877164fe264793

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-77-pop: viennaAT
date: Tue, 20 Sep 2022 13:15:25 GMT
icon-size: 50
x-content-type-options: nosniff
memory-svg-cache: true
access-control-allow-origin: *
from-cache: false
from-svg-cache: true
icon-format: png
x-cache: HIT
x-age: 30407
x-dns-prefetch-control: off
content-length: 398
x-xss-protection: 1; mode=block
x-77-nzt: Abm0DAaPazj/x3YAAA
x-accel-expires: @1663951718
not-found-platform: false
last-modified: Tue, 20 Sep 2022 02:59:04 GMT
server: CDN77-Turbo
x-77-nzt-ray: bN6g1ijkJtY
x-download-options: noopen
x-77-cache: HIT
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/png
memory-cache: false
access-control-expose-headers: Content-Disposition
cache-control: public, max-age=302400
icon-id: 9433
accept-ranges: bytes
version: 0.1.0-SNAPSHOT.20220801211335139

GET
H/1.1 200
OK loading-animation.gif
meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/ 108 KB
108 KB 291ms
125ms Image
image/gif 193.110.183.243
ARZ

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/images/loading-animation.gif

Requested by

Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.110.183.243 , Austria, ASN24656 (ARZ, AT),

Reverse DNS

arz-193-110-183-243.arz.at

Software

nginx /

Resource Hash

a6042095c8394001a87eae5196a219e0b53c3596cef31784e6d033a710039639

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma
Date: Tue, 20 Sep 2022 13:15:25 GMT
Strict-Transport-Security: max-age=31536000
Server: nginx
X-Frame-Options: DENY
Content-Language: en-US
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=2419200,must-revalidate
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=15, max=100
content-length: 110541
Expires: Tue, 18 Oct 2022 13:15:25 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v6.2.0/css/ 100 KB
23 KB 384ms
37ms Fetch
text/css 172.64.202.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.2.0/css/free.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.202.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1081c5c02309927ef4aa2929fc0e14122fb47302d81ea4118acb9d643a1c65e

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:15:25 GMT
via: 1.1 2e790b4fedc0451605346ca92a7755a8.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20338
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
etag: W/"0fb4e5b70c498af98f246511192b899d"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FSC6lbGySEfB23f%2F2j0w99cqNljAQgN8V98%2Bc8cpLVTRTFJEfaIyWkoZFl1T1G%2BVzr3K41omcJRSkloruShN1O5p1ASMqSJLc2Qlp4dV%2B4W5%2Fbk5HHnYQ1MJ01dsk1j53wzJTwas8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: DUS51-C1
cf-ray: 74dad46b9bf09be0-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 1lCdoZXYU2I4wPjfk5AQGLNQmg9xcVyRgNA-_1P7s03opXb3HiyUFg==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v6.2.0/css/ 27 KB
5 KB 383ms
36ms Fetch
text/css 172.64.202.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-shims.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.202.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6c1651291bdbeeaf76023bf75ea9e024acecc85244905df86a5bd98e294e3c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:15:25 GMT
via: 1.1 d0be2eec997f966c9c7eb03ae2f75c30.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20338
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
etag: W/"58dea8f45bf2685132179a837507637a"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sd13pab86geDU3IZGFanjL0VwM3Hm8VhISyrBUUPwxueA63%2BzsxwwD0FAuzB0dgrAk2H8fP2RwytM5homief1z%2FNsYd9HYgsyNrv1jnLmB0qgeKC5wnIpo%2BNrFm4JUXFMpHk%2BuK%2FDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: DUS51-C1
cf-ray: 74dad46b9bf49be0-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: pHCfcLy8IykKrdppek6Yi_8hgRXOTcPS86q_4fNqO9oFwu5c6j6JHw==

GET
H2 200 free-v5-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.2.0/css/ 823 B
709 B 389ms
43ms Fetch
text/css 172.64.202.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v5-font-face.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.202.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 17e97452418b8595f162bfbd40f3fb96d1153cda5d2b0a49b0d0a05b01fce385

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:15:25 GMT
via: 1.1 c51e3be89c14e3f859ea898f7e36ecec.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20338
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
etag: W/"e2e288c32f411dc30c0c399302a30654"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1N%2FZ7ST41s6eHLXalzUMG7F1bODYmqG5tU3QvkJuvIj%2BhhFC4EWyTA0oRPav6R%2BQfsqWrtKmQr6tQzBK%2B4wQMSgtfaQQNbc5t%2F2XJ8zHnwILSGnFygC1N6Y%2BQTnqhqhBC7YprU4Pzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: DUS51-C1
cf-ray: 74dad46b9bf99be0-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 7xnGx9ZMiD97-gpLTTbtKmfpVXArfx7h_f5HLoDZRCwZnQUK1qlRlw==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v6.2.0/css/ 2 KB
1 KB 377ms
31ms Fetch
text/css 172.64.202.28
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v6.2.0/css/free-v4-font-face.min.css?token=887a93ffa3
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/887a93ffa3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.202.28 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 657b38d408d6552df456c765be754c08e6dee14da828fcfc3a05d25567d01521

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date: Tue, 20 Sep 2022 13:15:25 GMT
via: 1.1 51054083366f59cdc509361d23d873ea.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 20338
x-cache: Hit from cloudfront
access-control-allow-methods: GET
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 30 Aug 2022 16:04:58 GMT
server: cloudflare
etag: W/"a0adfe3c7bd1fa905b7f3b5ecea27889"
access-control-max-age: 3000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nrQo1GQY1MMZ%2FSqW6jJncHJvrmSWg4dlV3sCnDQ3584R3EzmeaQm37VTCAiTm7PUyynl3lStiDliKJduWCWv09iJ3j9seaw0p4dVHhw7a4xutrtl5wVgWWUIWuY0KV4YpDiBWKAWCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
x-amz-cf-pop: DUS51-C1
cf-ray: 74dad46b9bfd9be0-FRA
access-control-allow-headers: fa-kit-token
x-amz-cf-id: ss8QsM_OZwn1aa5WL8vuuorpDHJwzXk9JbzrAqpupqhK0MJTPuM77Q==

GET
H/1.1 200
OK login-background.jpg
www.craftgiveaway.com/d/b99/front/assets/ 346 KB
346 KB 288ms
148ms Image
image/jpeg 129.121.16.231
ASMALLORANGE1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.craftgiveaway.com/d/b99/front/assets/login-background.jpg
Requested by: Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/style.css
Protocol: HTTP/1.1
Server: 129.121.16.231 , United States, ASN62729 (ASMALLORANGE1, US),
Reverse DNS: ip-129-121-16-231.local
Software: Apache /
Resource Hash: 7e2e5b98761af2ad33e704867bd4ffca9206c60144e68b6d05ce8eab6298dfbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.craftgiveaway.com/d/b99/front/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date: Tue, 20 Sep 2022 13:15:25 GMT
Last-Modified: Mon, 12 Sep 2022 02:19:19 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=764
Content-Length: 353863

GET
H/1.1 200
OK PostSans-Regular.woff2
meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/ 21 KB
21 KB 252ms
115ms Font
application/octet-stream 193.110.183.243
ARZ

General

Check archive.org

Show headers Download Go to

Full URL

https://meine.bank99.at/banking/resource/18c355e592860e98ced912b321b615408d8e1a63/m122/fonts/PostSans-Regular.woff2

Requested by

Host: www.craftgiveaway.com
URL: http://www.craftgiveaway.com/d/b99/front/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.110.183.243 , Austria, ASN24656 (ARZ, AT),

Reverse DNS

arz-193-110-183-243.arz.at

Software

nginx /

Resource Hash

a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

Referer: http://www.craftgiveaway.com/
Origin: http://www.craftgiveaway.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Pragma
Date: Tue, 20 Sep 2022 13:15:25 GMT
Strict-Transport-Security: max-age=31536000
Server: nginx
X-Frame-Options: DENY
Content-Language: en-US
Access-Control-Allow-Origin: *
Cache-Control: public,max-age=2419200,must-revalidate
Connection: Keep-Alive
Content-Type: text/plain
Keep-Alive: timeout=15, max=100
Content-Length: 21296
Expires: Tue, 18 Oct 2022 13:15:25 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: bank99 (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.tailwindcss.com
img.icons8.com
ka-f.fontawesome.com
kit.fontawesome.com
meine.bank99.at
www.craftgiveaway.com
129.121.16.231
172.64.202.28
193.110.183.243
2606:4700:20::ac43:4ad5
2606:4700::6812:1634
2a00:1450:4001:80e::200a
2a02:6ea0:cb00::2
0d14ef4e270ba8b5419f93c97f8abf14b27199528509416524877164fe264793
0de36e547f6703f8416190d4d94fee1f1c149e42f850150dfc787aca3f071095
17e97452418b8595f162bfbd40f3fb96d1153cda5d2b0a49b0d0a05b01fce385
2d6e7e5263fa38ed2725e4be49d49fdca61aa60f92ffc1edbd0c3b47dc8c9e2b
35622e99a9a2b6b14de336a558b99b748d5e304ebbdb12cea2db206fe1db2ae5
5d70b0bcaf5fd3e94c5c81613835cf648545e219735f23f4e249a4248e07667e
5ee384f718fabd25f5c632e57a1c2a44a5ff17b14393eaa50f39a6a32410fd99
657b38d408d6552df456c765be754c08e6dee14da828fcfc3a05d25567d01521
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
7e2e5b98761af2ad33e704867bd4ffca9206c60144e68b6d05ce8eab6298dfbd
9a48abc1c0966ae27ea445a3af3f6602ffc5de898fcf007c1b32800cda33f787
a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075
a6042095c8394001a87eae5196a219e0b53c3596cef31784e6d033a710039639
c1081c5c02309927ef4aa2929fc0e14122fb47302d81ea4118acb9d643a1c65e
c6c1651291bdbeeaf76023bf75ea9e024acecc85244905df86a5bd98e294e3c0

www.craftgiveaway.com Open in urlscan Pro 129.121.16.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

60 %HTTPS

57 %IPv6

6 Domains

7 Subdomains

7 IPs

4 Countries

676 kBTransfer

1073 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

0 Cookies

Indicators

www.craftgiveaway.com Open in urlscan Pro
129.121.16.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

60 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

4
Countries

676 kB
Transfer

1073 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!