crypto-2023.s3.amazonaws.com Open in urlscan Pro
52.216.217.49 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://crypto-2023.s3.amazonaws.com/shib/index.html
Submission: On August 24 via api (August 24th 2023, 1:54:44 am UTC) from US — Scanned from DE

Summary HTTP 23 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 8 domains to perform 23 HTTP transactions. The main IP is 52.216.217.49, located in Ashburn, United States and belongs to AMAZON-02, US. The main domain is crypto-2023.s3.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on March 21st 2023. Valid for: 9 months.

This is the only time crypto-2023.s3.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
2	52.216.217.49 52.216.217.49	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1a	20446 (STACKPATH...) (STACKPATH-CDN)
2	192.0.77.40 192.0.77.40	2635 (AUTOMATTIC) (AUTOMATTIC)
4	146.75.116.193 146.75.116.193	54113 (FASTLY) (FASTLY)
2 8	2606:4700:7::... 2606:4700:7::a29f:9904	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
3	78.46.73.220 78.46.73.220	24940 (HETZNER-AS) (HETZNER-AS)
1	2606:4700:303... 2606:4700:3031::6815:48ca	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	9

2 52.216.217.49 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

crypto-2023.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1a (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com

static.tumblr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.75.116.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:7::a29f:9904 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

miro.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
glyph.medium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 78.46.73.220 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: uranus.semagroup.ru

images.vfl.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::6815:48ca (United States)

ASN13335 (CLOUDFLARENET, US)

xrpcommunity.blog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	medium.com 2 redirects miro.medium.com — Cisco Umbrella Rank: 16444 glyph.medium.com — Cisco Umbrella Rank: 21552	110 KB
4	twimg.com pbs.twimg.com — Cisco Umbrella Rank: 1054	69 KB
4	imgur.com i.imgur.com — Cisco Umbrella Rank: 7475	200 KB
3	vfl.ru images.vfl.ru — Cisco Umbrella Rank: 484348	54 KB
2	tumblr.com static.tumblr.com — Cisco Umbrella Rank: 56808	99 KB
2	amazonaws.com crypto-2023.s3.amazonaws.com	127 KB
1	xrpcommunity.blog xrpcommunity.blog	40 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 736	30 KB
23	8

	Domain	Requested by
4	glyph.medium.com	static.tumblr.com
4	pbs.twimg.com	crypto-2023.s3.amazonaws.com
4	miro.medium.com	2 redirects crypto-2023.s3.amazonaws.com
4	i.imgur.com	crypto-2023.s3.amazonaws.com
3	images.vfl.ru	crypto-2023.s3.amazonaws.com
2	static.tumblr.com	crypto-2023.s3.amazonaws.com
2	crypto-2023.s3.amazonaws.com	crypto-2023.s3.amazonaws.com
1	xrpcommunity.blog	crypto-2023.s3.amazonaws.com
1	code.jquery.com	crypto-2023.s3.amazonaws.com
23	9

This site contains links to these domains. Also see Links.

Domain
medium.com

Subject Issuer	Validity	Valid
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-03-21` - `2023-12-19`	9 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.tumblr.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-13` - `2024-03-12`	a year	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
*.vfl.ru GTS CA 1P5	`2023-07-25` - `2023-10-23`	3 months	crt.sh
xrpcommunity.blog GTS CA 1P5	`2023-07-05` - `2023-10-03`	3 months	crt.sh
medium.com Cloudflare Inc ECC CA-3	`2023-08-20` - `2023-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://crypto-2023.s3.amazonaws.com/shib/index.html
Frame ID: FD0FFBFFCFAC8439835736840A2B0958
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

500,000,000,000 SHIB SHIBA INU Airdrop – Medium

Detected technologies

Medium (Blogs) Expand

Overall confidence: 100%
Detected patterns

medium\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

91 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

9
IPs

3
Countries

769 kB
Transfer

1294 kB
Size

1
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://medium.com/
Title: Homepage

Search URL Search Domain Scan URL

URL: https://medium.com/membership?source=upgrade_membership---nav_full
Title: Become a member

Search URL Search Domain Scan URL

URL: https://medium.com/m/signin?redirect=https%3A%2F%2Fmedium.com%2F%40Natalixxxx98%2Fmcafee-crypto-extravaganza-btc-and-eth-airdrop-promo-d0f0afa4999f&source=--------------------------nav_reg&operation=login
Title: Sign in

Search URL Search Domain Scan URL

URL: https://medium.com/?source=post_header_lockup

Search URL Search Domain Scan URL

URL: https://medium.com/?source=footer_card

Search URL Search Domain Scan URL

URL: https://medium.com/@cryptorand

Search URL Search Domain Scan URL

URL: https://medium.com/@AleksandarSvetski

Search URL Search Domain Scan URL

URL: https://medium.com/@ThisIsKlinger

Search URL Search Domain Scan URL

URL: https://medium.com/@crpto3332
Title: Digital Asset Investor

Search URL Search Domain Scan URL

URL: https://medium.com/@e434534egwer

Search URL Search Domain Scan URL

URL: https://medium.com/@NateRubenRDM

Search URL Search Domain Scan URL

URL: https://medium.com/p/d0f0afa4999f/share/twitter

Search URL Search Domain Scan URL

URL: https://medium.com/p/d0f0afa4999f/share/facebook

Search URL Search Domain Scan URL

URL: https://medium.com/@Medium/personalize-your-medium-experience-with-users-publications-tags-26a41ab1ee0c#.hx4zuv3mg
Title: Learn more

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://miro.medium.com/max/240/1*tIWs8Qk_-H0ANcEVDFGLsg.png HTTP 301
https://miro.medium.com/v2/resize:fit:240/1*tIWs8Qk_-H0ANcEVDFGLsg.png

Request Chain 7

https://miro.medium.com/max/240/1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg HTTP 301
https://miro.medium.com/v2/resize:fit:240/1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg

23 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
crypto-2023.s3.amazonaws.com/shib/ 126 KB
126 KB 449ms
172ms Document
text/html 52.216.217.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.217.49 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 45cdaa9b236541b09cb2d8c386a34c5ca779bca120ac59370df81c421a48b192

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 129049
Content-Type: text/html
Date: Thu, 24 Aug 2023 01:54:40 GMT
ETag: "af28f595eba9bfb8c35557e21b081e4e"
Last-Modified: Wed, 16 Aug 2023 05:20:15 GMT
Server: AmazonS3
x-amz-id-2: 86iBgdrT+7KzKF46DLf7fF4To4pgLTwukb1HzGzD//0bBhojskPitb1DLGW4079gj1MwIDbMvD4=
x-amz-request-id: ZWR7RN2MFW6GGNWB
x-amz-server-side-encryption: AES256

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 190ms
33ms Script
application/javascript 2001:4de0:ac18::1:a:1a
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: "620cd6ff-15851"
vary: Accept-Encoding
x-hw: 1692842079.dop001.am5.t,1692842079.cds235.am5.hn,1692842079.cds254.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 m2.css
static.tumblr.com/bejxdgc/NDhpx23f1/ 64 KB
43 KB 184ms
28ms Stylesheet
text/css 192.0.77.40
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://static.tumblr.com/bejxdgc/NDhpx23f1/m2.css

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

assets.tumblr.com

Software

nginx /

Resource Hash

29e89f00341d65ffbab6fdfce78f7e42a1daf4bda2e3615ad9466e2ce47760ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 24 Aug 2023 01:54:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload
last-modified: Fri, 30 Aug 2019 15:37:50 GMT
server: nginx
etag: W/"376dd17dad7defb0a0c4f2d99445382f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main-branding-base.css
static.tumblr.com/bejxdgc/H7hpx23gv/ 510 KB
56 KB 184ms
28ms Stylesheet
text/css 192.0.77.40
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://static.tumblr.com/bejxdgc/H7hpx23gv/main-branding-base.css

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

assets.tumblr.com

Software

nginx /

Resource Hash

be9a62a389ef14e5aa7c9c7ef9f7bec271ecce1f86aa8f0cdcc9a5e3acf7948e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Thu, 24 Aug 2023 01:54:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload
last-modified: Fri, 30 Aug 2019 15:38:57 GMT
server: nginx
etag: W/"0acc5b1299f898a0c3a615c3aab31699"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
x-amz-storage-class: STANDARD_IA
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 7iXMucq.jpg
i.imgur.com/ 33 KB
33 KB 103ms
29ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/7iXMucq.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

bc355985bda58aad15c45177380805497c8186146e4fcced854b12ad6a034491

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD89-P1
age: 776363
x-cache: Miss from cloudfront, HIT, HIT
content-length: 33504
x-served-by: cache-iad-kiad7000057-IAD, cache-fra-eddf8230116-FRA
last-modified: Wed, 12 May 2021 00:24:12 GMT
server: cat factory 1.0
x-timer: S1692842080.921478,VS0,VE1
etag: "6cfc84f38940435c7855e4aced978652"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: YE1NK5-XbVraN2hhEvk2fuRfuDdOinStAVmJhWVNIwv71Gcchex0KQ==
x-cache-hits: 90, 1

GET
H/1.1 403
Forbidden 1UATD6Vui-5Xa4Vb2QAOtbg_002.png
crypto-2023.s3.amazonaws.com/shib/index_files/ 243 B
243 B 232ms
131ms Image
application/xml 52.216.217.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://crypto-2023.s3.amazonaws.com/shib/index_files/1UATD6Vui-5Xa4Vb2QAOtbg_002.png
Requested by: Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.217.49 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6c01ad34e60e9ce52abf4f0ca7803d2c97c0c24f21b9ef1e98dba53ad4f918e2

Request headers

Referer: https://crypto-2023.s3.amazonaws.com/shib/index.html
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 01:54:39 GMT
Server: AmazonS3
x-amz-request-id: 3X1S4TS5QXXJBTH3
x-amz-id-2: QxaFa1V+nIprjFZtcsGCTlDMB4HILIPQa+FHxA5Wzwzvp6DAgMVXal7zVeHZVpHY0MOUt0elVeo=
Transfer-Encoding: chunked
Content-Type: application/xml

GET
H2 200 HPY07ru.jpg
i.imgur.com/ 124 KB
124 KB 108ms
59ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/HPY07ru.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

dca9e2620e1a175e82986d268b80847dc0dacc952e8b4f5d289335200ef74f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 678859
x-cache: Miss from cloudfront, HIT, HIT
content-length: 126834
x-served-by: cache-iad-kiad7000123-IAD, cache-fra-eddf8230116-FRA
last-modified: Wed, 12 May 2021 00:18:35 GMT
server: cat factory 1.0
x-timer: S1692842080.921457,VS0,VE2
etag: "58d5f9d360effb7d60c11bdc0f91bb73"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: rphiyU6crexit-P3CC5M94YsxNZeMhUtwd_7JV1dVW5P1hCQ9u9DMg==
x-cache-hits: 81, 1

GET
H3

200

1*tIWs8Qk_-H0ANcEVDFGLsg.png
miro.medium.com/v2/resize:fit:240/
Redirect Chain

https://miro.medium.com/max/240/1*tIWs8Qk_-H0ANcEVDFGLsg.png
https://miro.medium.com/v2/resize:fit:240/1*tIWs8Qk_-H0ANcEVDFGLsg.png

5 KB
5 KB

33ms
33ms

Image
image/png

2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:240/1*tIWs8Qk_-H0ANcEVDFGLsg.png

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee5b4595b3ea127c1626e725c6f5ec3fa7bf93fc36b1b38845e881e18b7873a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:40 GMT
content-security-policy: script-src 'none'
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
age: 40842
x-envoy-upstream-service-time: 72
content-disposition: inline; filename="1*tIWs8Qk_-H0ANcEVDFGLsg.png"
alt-svc: h3=":443"; ma=86400
content-length: 5070
x-request-id: 26bb3934-54a1-4c94-9f1d-8bb31030ca16
sepia-upstream: medium
server: cloudflare
etag: "zxgbBaBJSEfa-aHOAvoIWrslaQG6ePKYMT5OU3xc74Q/RImI0ODVhY2YxMDkzZmY4N2QwMDM1YzExNTBjNTE4YmIyIg"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
accept-ranges: bytes
cf-ray: 7fb7f7f88c172685-TXL
expires: Fri, 23 Aug 2024 01:54:40 GMT

Redirect headers

date: Thu, 24 Aug 2023 01:54:40 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
content-length: 0
sepia-upstream: medium
server: cloudflare
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
location: /v2/resize:fit:240/1*tIWs8Qk_-H0ANcEVDFGLsg.png
cache-control: public, max-age=7200
cf-ray: 7fb7f7f779874522-TXL
expires: Thu, 24 Aug 2023 03:54:40 GMT

GET
H2

200

1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg
miro.medium.com/v2/resize:fit:240/
Redirect Chain

https://miro.medium.com/max/240/1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg
https://miro.medium.com/v2/resize:fit:240/1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg

10 KB
11 KB

31ms
30ms

Image
image/jpeg

2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://miro.medium.com/v2/resize:fit:240/1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71e7ba40c4e4a06d9ba4e400ab7ded9fef314b1b5b0462fc89c2cd9925756ddd

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:40 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: script-src 'none'
cf-cache-status: HIT
age: 40842
x-envoy-upstream-service-time: 54
content-disposition: inline; filename="1*mdJWWVTfTd7LMbR1pZvZ0A.jpg"
alt-svc: h3=":443"; ma=86400
content-length: 10503
x-request-id: 550c1444-74ac-461f-8f61-cf79863a46c0
sepia-upstream: medium
cf-bgj: h2pri
server: cloudflare
etag: "zxgbBaBJSEfa-aHOAvoIWrslaQG6ePKYMT5OU3xc74Q/RIjk5ZDI1NjU5NTRkZjRkZGVjYjMxYjQ3NWE1OWJkOWQwIg"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
medium-fulfilled-by: miro-v2/main-20230504-173313-6b0ae64c18
accept-ranges: bytes
cf-ray: 7fb7f7f85a494522-TXL
expires: Fri, 23 Aug 2024 01:54:40 GMT

Redirect headers

date: Thu, 24 Aug 2023 01:54:40 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
content-length: 0
sepia-upstream: medium
server: cloudflare
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
location: /v2/resize:fit:240/1*mdJWWVTfTd7LMbR1pZvZ0A.jpeg
cache-control: public, max-age=7200
cf-ray: 7fb7f7f779884522-TXL
expires: Thu, 24 Aug 2023 03:54:40 GMT

GET
H2 200 aVq2oAP-_normal.jpg
pbs.twimg.com/profile_images/1006221503548059657/ 2 KB
2 KB 115ms
29ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1006221503548059657/aVq2oAP-_normal.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6727) /

Resource Hash

8ed4d5864bd422a465a7a7cb8270d1cfbd7d7bb28b47a70da3b10e45562bf9c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 287446
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 1807
x-response-time: 107
surrogate-key: profile_images profile_images/bucket/3 profile_images/1006221503548059657
last-modified: Mon, 11 Jun 2018 17:05:55 GMT
server: ECS (frb/6727)
x-tw-cdn: VZ, VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 22fdf789ed1e3ef8
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7626143928
x-connection-hash: 1af90803308264a915463c782da8d07a133a284aaebe35f58963ee4dfa8119df
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 a3a234d295e0a5824b856d5ddf228d0c_bigger.jpeg
pbs.twimg.com/profile_images/2924807632/ 2 KB
2 KB 116ms
29ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/2924807632/a3a234d295e0a5824b856d5ddf228d0c_bigger.jpeg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67E2) /

Resource Hash

bf82b5b7148bf7f3ae01c94d29508087c09fa250768f4e54f015e6b02816487f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 581607
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 1794
x-response-time: 107
surrogate-key: profile_images profile_images/bucket/5 profile_images/2924807632
last-modified: Thu, 04 Nov 2010 01:42:54 GMT
server: ECS (frb/67E2)
x-tw-cdn: VZ, VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 9ced01df1b06d925
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7626143928
x-connection-hash: 609f4b63a4d9b534c863ed021d42a67f98087bd039560026942649ca34ae59e0
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 btCw5tO.jpg
i.imgur.com/ 20 KB
20 KB 87ms
38ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/btCw5tO.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

2e46b04ceabba5de839cd46cb953a923e2a4b99a97fe8b1a7b7f8d812d74fca8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 678859
x-cache: Miss from cloudfront, HIT, HIT
content-length: 20654
x-served-by: cache-iad-kjyo7100125-IAD, cache-fra-eddf8230116-FRA
last-modified: Fri, 28 May 2021 18:06:31 GMT
server: cat factory 1.0
x-timer: S1692842080.921556,VS0,VE1
etag: "2c7415eb488092802f18827cc34dc658"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: BYLeaYNKVAEW9g-7idzJVlD0OtcvSujAU0Zme-8d-9BED--n7AZevA==
x-cache-hits: 6, 1

GET
H/1.1 200
OK 31995194.jpg
images.vfl.ru/ii/1603179008/42fb7399/ 23 KB
24 KB 254ms
65ms Image
image/jpeg 78.46.73.220
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.vfl.ru/ii/1603179008/42fb7399/31995194.jpg
Requested by: Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 78.46.73.220 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: uranus.semagroup.ru
Software: nginx /
Resource Hash: 009212414c1277cbc1768c9e11dd24f6352295881ccfebd8a42c66fe688cb20a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 01:54:40 GMT
Last-Modified: Tue, 20 Oct 2020 07:30:08 GMT
Server: nginx
ETag: "5f8e9200-5d8d"
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 23949
Expires: Sat, 23 Sep 2023 01:54:40 GMT

GET
H2 200 pTlu6wrD_400x400.jpg
pbs.twimg.com/profile_images/1076901702102597632/ 46 KB
46 KB 116ms
30ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/1076901702102597632/pTlu6wrD_400x400.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/668C) /

Resource Hash

198f7f8d32f771479af26f52469b8dd04dc50cd187aceb661dd3beeffaa2aebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 552795
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 46912
x-response-time: 113
surrogate-key: profile_images profile_images/bucket/0 profile_images/1076901702102597632
last-modified: Sun, 23 Dec 2018 18:03:48 GMT
server: ECS (frb/668C)
x-tw-cdn: VZ, VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: d65bddb0db923088
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7626143928
x-connection-hash: be98e06f2d961a4ea0f9340c244ac562489661ebcecf95bc9a9ab2c61bf7fc78
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 VItKwBD2_400x400.jpg
pbs.twimg.com/profile_images/817962897011867651/ 18 KB
18 KB 63ms
62ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pbs.twimg.com/profile_images/817962897011867651/VItKwBD2_400x400.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/668D) /

Resource Hash

8c16cea95eec6f9f7932b7571e6ee2f375f89cd5bdcc955b05a7c09619c8c0aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=631138519
x-content-type-options: nosniff
age: 209732
x-cache: HIT
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
content-length: 18508
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/2 profile_images/817962897011867651
last-modified: Sun, 08 Jan 2017 05:13:26 GMT
server: ECS (frb/668D)
x-tw-cdn: VZ, VZ, VZ
content-type: image/jpeg
access-control-allow-origin: *
x-transaction-id: 498300932b422b7d
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
perf: 7626143928
x-connection-hash: 21d988409e8f32af432061c2b0ba8d2f48d3e14b82a7c47299fe7fc8142e97ca
accept-ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H2 200 1FV8zXmA_400x400-1.jpg
xrpcommunity.blog/content/images/2019/01/ 39 KB
40 KB 135ms
35ms Image
image/jpeg 2606:4700:3031::6815:48ca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://xrpcommunity.blog/content/images/2019/01/1FV8zXmA_400x400-1.jpg
Requested by: Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:48ca , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 5ae7f26a885e08ffc3f1e69c2a80d9121f66b3251ecce25c5494ee1e9cb3ae24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 671868
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
content-length: 39922
blog-cache: HIT
last-modified: Mon, 07 Jan 2019 16:52:20 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XKCh6f%2BZh%2BC4uZeBTiqcakGMh6c7skVBpyvoOFVqAAN%2B6v1xV5DjE%2Fn1bxp8UEQud84UHF2MvGE2ADbDVI6r8bAV5Jd1k%2FBzNO%2Fp5Cnfeh7UKYG0ZQAWvR54JKk8%2FVNBkOpMEqqW9cvrf4IOVT55Ow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
blog-cache-noinstr: 0
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7fb7f7f86a393611-FRA
expires: Sat, 13 Aug 2033 05:43:13 GMT

GET
H2 200 EGJAonE.jpg
i.imgur.com/ 22 KB
22 KB 61ms
61ms Image
image/jpeg 146.75.116.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/EGJAonE.jpg

Requested by

Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

146.75.116.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

41fd8c28563381ba5020b851b2c08db9623f4ed109d4e4164555eef0b8287391

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-amz-cf-pop: IAD12-P2
age: 678859
x-cache: Miss from cloudfront, HIT, HIT
content-length: 22171
x-served-by: cache-iad-kcgs7200047-IAD, cache-fra-eddf8230116-FRA
last-modified: Fri, 28 May 2021 17:57:27 GMT
server: cat factory 1.0
x-timer: S1692842080.960265,VS0,VE1
etag: "234db26959d5ad6108af7e7b1041436f"
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-amz-cf-id: vwpuwKsP_n0GIf0PUD9D5symqUk3ojg-AFZgRc9lBShnK0sUR9lndQ==
x-cache-hits: 52, 1

GET
H/1.1 200
OK 31995213.jpg
images.vfl.ru/ii/1603179063/ea8302f0/ 14 KB
15 KB 167ms
65ms Image
image/jpeg 78.46.73.220
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.vfl.ru/ii/1603179063/ea8302f0/31995213.jpg
Requested by: Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 78.46.73.220 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: uranus.semagroup.ru
Software: nginx /
Resource Hash: 51a2e0a41aa21e4fe9a6f845991804795bd3e2e591d2857dcb0b5438c005b65e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 01:54:40 GMT
Last-Modified: Tue, 20 Oct 2020 07:31:03 GMT
Server: nginx
ETag: "5f8e9237-397f"
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 14719
Expires: Sat, 23 Sep 2023 01:54:40 GMT

GET
H/1.1 200
OK 31995215.jpg
images.vfl.ru/ii/1603179120/64e5c4c0/ 15 KB
15 KB 165ms
65ms Image
image/jpeg 78.46.73.220
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.vfl.ru/ii/1603179120/64e5c4c0/31995215.jpg
Requested by: Host: crypto-2023.s3.amazonaws.com
URL: https://crypto-2023.s3.amazonaws.com/shib/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 78.46.73.220 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: uranus.semagroup.ru
Software: nginx /
Resource Hash: 73024df79228a8ba7a633126a340f76e735a0cdde940bb86a2ef8e2ff5f98008

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://crypto-2023.s3.amazonaws.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date: Thu, 24 Aug 2023 01:54:40 GMT
Last-Modified: Tue, 20 Oct 2020 07:32:00 GMT
Server: nginx
ETag: "5f8e9270-3bbc"
Content-Type: image/jpeg
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=20
Content-Length: 15292
Expires: Sat, 23 Sep 2023 01:54:40 GMT

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1de21730854ea4db035a81914cb0bd57aa74d715af6f89b46a2d002917ca1ed

Request headers

Referer
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 24 KB
25 KB 103ms
51ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/fell-400-normal.woff

Requested by

Host: static.tumblr.com
URL: https://static.tumblr.com/bejxdgc/NDhpx23f1/m2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.tumblr.com/
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 25934162
x-envoy-upstream-service-time: 68
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7fb7f7f79f69452e-TXL
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 23 Aug 2024 01:54:39 GMT

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

Request headers

Referer
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 charter-700-normal.woff
glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/ 15 KB
15 KB 88ms
36ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/f50d520/0-3j_4g_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/charter-700-normal.woff

Requested by

Host: static.tumblr.com
URL: https://static.tumblr.com/bejxdgc/NDhpx23f1/m2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.tumblr.com/
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 25934162
x-envoy-upstream-service-time: 53
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7fb7f7f79f6a452e-TXL
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 23 Aug 2024 01:54:39 GMT

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
font/opentype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99a9df080944a29084bf6f88ccc49b1f3a0cee1aed655c640ca433871a6af398

Request headers

Referer
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: font/opentype

GET
H2 200 fell-400-normal.woff
glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 31 KB
31 KB 81ms
34ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/78ce731/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/fell-400-normal.woff

Requested by

Host: static.tumblr.com
URL: https://static.tumblr.com/bejxdgc/NDhpx23f1/m2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c88a6fd9c0f927b6c6eb6a0333d8df738064c2f09458bb23064d319ae34f344f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.tumblr.com/
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 25932680
x-envoy-upstream-service-time: 44
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7fb7f7f79f6b452e-TXL
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 23 Aug 2024 01:54:39 GMT

GET
H2 200 marat-sans-600-normal.woff
glyph.medium.com/font/6f4b679/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/ 21 KB
22 KB 65ms
34ms Font
application/font-woff 2606:4700:7::a29f:9904
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://glyph.medium.com/font/6f4b679/3k-4f_4h-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/marat-sans-600-normal.woff

Requested by

Host: static.tumblr.com
URL: https://static.tumblr.com/bejxdgc/NDhpx23f1/m2.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:9904 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

55d27bc022e15405d265e47606de521b651c850f277a949468158bdff378ba30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://static.tumblr.com/
Origin: https://crypto-2023.s3.amazonaws.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 24 Aug 2023 01:54:39 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
age: 124846
x-envoy-upstream-service-time: 90
alt-svc: h3=":443"; ma=86400
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 7fb7f7f79f6c452e-TXL
access-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid
expires: Fri, 23 Aug 2024 01:54:39 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.medium.com/	1969-12-31 23:59:59	Name: __cfruid Value: 81ab9a091639367a158febb7809642ce672fc520-1692842080

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://crypto-2023.s3.amazonaws.com/shib/index_files/1UATD6Vui-5Xa4Vb2QAOtbg_002.png Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
crypto-2023.s3.amazonaws.com
glyph.medium.com
i.imgur.com
images.vfl.ru
miro.medium.com
pbs.twimg.com
static.tumblr.com
xrpcommunity.blog
146.75.116.193
192.0.77.40
2001:4de0:ac18::1:a:1a
2606:2800:134:fa2:1627:1fe:edb:1665
2606:4700:3031::6815:48ca
2606:4700:7::a29f:9904
52.216.217.49
78.46.73.220
009212414c1277cbc1768c9e11dd24f6352295881ccfebd8a42c66fe688cb20a
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
198f7f8d32f771479af26f52469b8dd04dc50cd187aceb661dd3beeffaa2aebc
29e89f00341d65ffbab6fdfce78f7e42a1daf4bda2e3615ad9466e2ce47760ef
2e46b04ceabba5de839cd46cb953a923e2a4b99a97fe8b1a7b7f8d812d74fca8
41fd8c28563381ba5020b851b2c08db9623f4ed109d4e4164555eef0b8287391
45cdaa9b236541b09cb2d8c386a34c5ca779bca120ac59370df81c421a48b192
51a2e0a41aa21e4fe9a6f845991804795bd3e2e591d2857dcb0b5438c005b65e
55d27bc022e15405d265e47606de521b651c850f277a949468158bdff378ba30
582a04757d62c3d9ad1c9cc5d7e40787a900fd02b3aeace43d41008a7658d071
5ae7f26a885e08ffc3f1e69c2a80d9121f66b3251ecce25c5494ee1e9cb3ae24
6c01ad34e60e9ce52abf4f0ca7803d2c97c0c24f21b9ef1e98dba53ad4f918e2
71e7ba40c4e4a06d9ba4e400ab7ded9fef314b1b5b0462fc89c2cd9925756ddd
73024df79228a8ba7a633126a340f76e735a0cdde940bb86a2ef8e2ff5f98008
8c16cea95eec6f9f7932b7571e6ee2f375f89cd5bdcc955b05a7c09619c8c0aa
8ed4d5864bd422a465a7a7cb8270d1cfbd7d7bb28b47a70da3b10e45562bf9c0
99a9df080944a29084bf6f88ccc49b1f3a0cee1aed655c640ca433871a6af398
9ee5b4595b3ea127c1626e725c6f5ec3fa7bf93fc36b1b38845e881e18b7873a
bc355985bda58aad15c45177380805497c8186146e4fcced854b12ad6a034491
be9a62a389ef14e5aa7c9c7ef9f7bec271ecce1f86aa8f0cdcc9a5e3acf7948e
bf82b5b7148bf7f3ae01c94d29508087c09fa250768f4e54f015e6b02816487f
c88a6fd9c0f927b6c6eb6a0333d8df738064c2f09458bb23064d319ae34f344f
d1de21730854ea4db035a81914cb0bd57aa74d715af6f89b46a2d002917ca1ed
dca9e2620e1a175e82986d268b80847dc0dacc952e8b4f5d289335200ef74f7f
e8fed51ae35ba9d9c900b99b774df79551240e4954aa5bdd2289cf32d64c1715
ff4c91bf9cb91b2fb2e0344577754e3f2ade240aa8d8d8db0171901c9115feb1

crypto-2023.s3.amazonaws.com Open in urlscan Pro 52.216.217.49 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

23 Requests

91 %HTTPS

50 %IPv6

8 Domains

9 Subdomains

9 IPs

3 Countries

769 kBTransfer

1294 kBSize

1 Cookies

15 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

crypto-2023.s3.amazonaws.com Open in urlscan Pro
52.216.217.49 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

91 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

9
IPs

3
Countries

769 kB
Transfer

1294 kB
Size

1
Cookies

23 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!