![](/screenshots/648128d1-f382-4c6a-9389-e214c7c60e2e.png)
td-btc.com
2a06:98c1:3120::9
Malicious Activity!
Public Scan
Effective URL: https://td-btc.com/
Submission: On February 24 via api from FI — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on January 14th 2024. Valid for: 3 months.
This is the only time td-btc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
21 (3 redirects) | 2a06:98c1:3120::9 | 13335 (CLOUDFLARENET) |
4 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:82f::2003 | 15169 (GOOGLE) |
24 | 4 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
21 | td-btc.com (3 redirects) | td-btc.com | 236 KB |
4 | td-btc.net | api.td-btc.net | 6 KB |
1 | gstatic.com | fonts.gstatic.com | 14 KB |
0 | aliyuncs.com (Failed) | babaoss.oss-accelerate-overseas.aliyuncs.com (Failed) | |
24 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
21 | td-btc.com (3 redirects) | td-btc.com |
4 | api.td-btc.net | td-btc.com |
1 | fonts.gstatic.com | td-btc.com |
0 | babaoss.oss-accelerate-overseas.aliyuncs.com (Failed) | |
24 | 4 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
td-btc.com | GTS CA 1P5 | 2024-01-14 - 2024-04-13 | 3 months |
td-btc.net | GTS CA 1P5 | 2024-01-14 - 2024-04-13 | 3 months |
*.gstatic.com | GTS CA 1C3 | 2024-02-05 - 2024-04-29 | 3 months |
This page contains 2 frames:
Primary Page:
https://td-btc.com/
Frame ID: 611515F011551F27D46B85052577D1E5
Requests: 23 HTTP requests in this frame
Frame:
https://td-btc.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
Frame ID: 59D586386367ED3E82C33A912689D2BF
Requests: 2 HTTP requests in this frame
Page Title
https://td-btc.ltd
Detected technologies
- Vue.js
Detected patterns
- `<[^>]+\sdata-v(?:ue)?-`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://td-btc.com/ (Page URL)
- http://td-btc.com/cdn-cgi/phish-bypass?atok=cNNG42o_ZkTUwR9zxGnYADdu_kX07pedqpzEbn4Oolc-1708746333-0.0-%2F (HTTP 301)
- http://td-btc.com/ (HTTP 301)
- https://td-btc.com/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10
- https://td-btc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js (HTTP 302)
- https://td-btc.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/main.js
24 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | td-btc.com/ | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | cf.errors.css | td-btc.com/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | icon-exclamation.png | td-btc.com/cdn-cgi/images/ | 452 B | 889 B | Image | image/png |
GET | H2 | / (Primary Request, Redirect Chain) | td-btc.com/ | 2 KB | 1 KB | Document | text/html |
GET | H2 | config.js | td-btc.com/common/ | 5 KB | 978 B | Script | application/javascript |
GET | H2 | index-f8aed0f4.js | td-btc.com/assets/ | 292 KB | 101 KB | Script | application/javascript |
GET | H2 | index-99ce1166.css | td-btc.com/assets/ | 231 KB | 60 KB | Stylesheet | text/css |
OPTIONS | H2 | get_lang_json (Frame) | api.td-btc.net/api/public/ | 0 | 0 | Preflight | text/html |
OPTIONS | H2 | app_info (Frame) | api.td-btc.net/api/user/ | 0 | 0 | Preflight | text/html |
GET | H3 | get_lang_json | api.td-btc.net/api/public/ | 12 KB | 5 KB | XHR | application/json |
GET | H3 | app_info | api.td-btc.net/api/user/ | 2 KB | 1 KB | XHR | application/json |
GET | H3 | main.js (Frame 59D5, Redirect Chain) | td-btc.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/0f752fefe334/ | 8 KB | 4 KB | Script | application/javascript |
POST | H3 | 85a4b7895ffa22a9 (Frame 59D5) | td-btc.com/cdn-cgi/challenge-platform/h/b/jsd/r/ | 0 | 590 B | XHR | text/plain |
GET | H3 | login-584cdbf7.js | td-btc.com/assets/ | 14 KB | 3 KB | Script | application/javascript |
GET | H3 | VCard-9984b766.js | td-btc.com/assets/ | 1 KB | 967 B | Script | application/javascript |
GET | H3 | VCard-7dd0db1d.css | td-btc.com/assets/ | 423 B | 707 B | Stylesheet | text/css |
GET | H3 | VPhoneSelect.vue_vue_type_script_setup_true_lang-e0f599e4.js | td-btc.com/assets/ | 2 KB | 1 KB | Script | application/javascript |
GET | H3 | VInput.vue_vue_type_script_setup_true_lang-b6f16ac6.js | td-btc.com/assets/ | 7 KB | 2 KB | Script | application/javascript |
GET | H3 | theme1-auth-bg-d8e7f33b.js | td-btc.com/assets/ | 63 B | 530 B | Script | application/javascript |
GET | H3 | useAuth-28c0a63c.js | td-btc.com/assets/ | 7 KB | 3 KB | Script | application/javascript |
GET | H3 | login-7d58783d.css | td-btc.com/assets/ | 5 KB | 3 KB | Stylesheet | text/css |
GET | DATA | truncated | / | 439 B | 0 | Image | image/svg+xml |
GET | | 2bee2f7ccd69ed838ba07c3f2c0dfb10.jpg | babaoss.oss-accelerate-overseas.aliyuncs.com/upload/20231117/ | 0 | 0 | | |
GET | H3 | theme1-auth-bg-0ef6f814.jpeg | td-btc.com/assets/ | 45 KB | 45 KB | Image | image/jpeg |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 340 B | 0 | Image | image/svg+xml |
GET | H2 | rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRSW32.woff2 | fonts.gstatic.com/s/dmsans/v14/ | 14 KB | 14 KB | Font | font/woff2 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: babaoss.oss-accelerate-overseas.aliyuncs.com
- URL: https://babaoss.oss-accelerate-overseas.aliyuncs.com/upload/20231117/2bee2f7ccd69ed838ba07c3f2c0dfb10.jpg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type |
---|---|
0 | object |
__INTLIFY_PROD_DEVTOOLS__ | boolean |
__VUE_INSTANCE_SETTERS__ | object |
__VUE_I18N_FULL_INSTALL__ | boolean |
__VUE_I18N_LEGACY_API__ | boolean |
__VUE__ | boolean |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Name | Value |
---|---|---|
.td-btc.com/ | __cf_mw_byp | cNNG42o_ZkTUwR9zxGnYADdu_kX07pedqpzEbn4Oolc-1708746333-0.0-/ |
.td-btc.com/ | cf_clearance | Al_stDTHcHYTOGQS_1uzsVkS52A77xpAh6pBPKY181I-1708746340-1.0-AQCEsqvJMah5Oi9x173WJFRXw1Ch+SVivpbJZDdx0Mt8zBrhp5BYd+tifMzZivrp0DX2OQPnSG2DxdxWQw3hziY= |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.