access-bittrex.com Open in urlscan Pro
172.67.190.50 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/Lrsh4Biu62
Effective URL:
https://access-bittrex.com/
Submission: On May 14 via manual (May 14th 2024, 11:12:13 am UTC) from AU — Scanned from AU

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 9 domains to perform 17 HTTP transactions. The main IP is 172.67.190.50, located in United States and belongs to CLOUDFLARENET, US. The main domain is access-bittrex.com.
TLS certificate: Issued by GTS CA 1P5 on May 14th 2024. Valid for: 3 months.

This is the only time access-bittrex.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bittrex (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1 2	209.94.90.1 209.94.90.1	40680 (PROTOCOL) (PROTOCOL)
2	104.18.10.112 104.18.10.112	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	103.180.114.1 103.180.114.1	200325 (BUNNYCDN) (BUNNYCDN)
6	172.67.190.50 172.67.190.50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.167.106 172.217.167.106	15169 (GOOGLE) (GOOGLE)
2	44.218.226.60 44.218.226.60	14618 (AMAZON-AES) (AMAZON-AES)
1 2	104.16.122.227 104.16.122.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.198.167 172.67.198.167	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	10

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.94.90.1 (United States) 1 redirects

ASN40680 (PROTOCOL, US)

ipfs.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.112 (None, )

ASN13335 (CLOUDFLARENET, US)

cloudflare-eth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.180.114.1 (Australia)

ASN200325 (BUNNYCDN, SI)

ipfs.tech	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.67.190.50 (United States)

ASN13335 (CLOUDFLARENET, US)

access-bittrex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.167.106 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s17-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.218.226.60 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-218-226-60.compute-1.amazonaws.com

mainnet.infura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.122.227 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

global.bittrex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bittrex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.198.167 (United States)

ASN13335 (CLOUDFLARENET, US)

tokenmap.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	access-bittrex.com access-bittrex.com	580 KB
2	bittrex.com 1 redirects global.bittrex.com bittrex.com — Cisco Umbrella Rank: 181346	798 B
2	infura.io mainnet.infura.io — Cisco Umbrella Rank: 30662	370 B
2	cloudflare-eth.com cloudflare-eth.com — Cisco Umbrella Rank: 193582	262 B
2	ipfs.io 1 redirects ipfs.io — Cisco Umbrella Rank: 65949	1 KB
1	tokenmap.sh tokenmap.sh Failed
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
1	ipfs.tech ipfs.tech — Cisco Umbrella Rank: 241700	5 KB
1	t.co t.co — Cisco Umbrella Rank: 717	702 B
17	9

	Domain	Requested by
6	access-bittrex.com	ipfs.io access-bittrex.com
2	mainnet.infura.io	access-bittrex.com
2	cloudflare-eth.com	ipfs.io
2	ipfs.io	1 redirects t.co
1	tokenmap.sh	access-bittrex.com
1	bittrex.com
1	global.bittrex.com	1 redirects
1	fonts.googleapis.com	access-bittrex.com
1	ipfs.tech
1	t.co
17	10

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-20` - `2024-08-19`	a year	crt.sh
ipfs.io GTS CA 1P5	`2024-04-16` - `2024-07-15`	3 months	crt.sh
cloudflare-eth.com GTS CA 1P5	`2024-03-23` - `2024-06-21`	3 months	crt.sh
access-bittrex.com GTS CA 1P5	`2024-05-14` - `2024-08-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
*.infura.io Amazon RSA 2048 M02	`2023-11-29` - `2024-12-27`	a year	crt.sh
tokenmap.sh E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://access-bittrex.com/
Frame ID: EFC22460C8443520DF9173515B645C09
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bittrex | VIP WITHDRAWAL

Page URL History Show full URLs

https://t.co/Lrsh4Biu62 Page URL
https://ipfs.io/ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/ Page URL
https://access-bittrex.com/ Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

17
Requests

82 %
HTTPS

0 %
IPv6

9
Domains

10
Subdomains

10
IPs

3
Countries

589 kB
Transfer

2008 kB
Size

4
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/Lrsh4Biu62 Page URL
https://ipfs.io/ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/ Page URL
https://access-bittrex.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://ipfs.io/favicon.ico HTTP 301
https://ipfs.tech/favicon.ico

Request Chain 13

https://global.bittrex.com/favicon.ico HTTP 301
https://bittrex.com/favicon.ico

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Lrsh4Biu62
t.co/ 361 B
702 B 591ms
298ms Document
text/html 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/Lrsh4Biu62

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_r /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Accept-Language: en-AU,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 223
content-type: text/html; charset=utf-8
date: Tue, 14 May 2024 11:12:04 GMT
expires: Tue, 14 May 2024 11:17:05 GMT
perf: 7402827104
server: tsa_r
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 3f89d6571668dad557911c33aa4c4451524e0fdd42f827fb466ed2e1e4e9224f
x-response-time: 152
x-transaction-id: d25bc392eddcb761
x-xss-protection: 0

GET
H3 200 / Show response
ipfs.io/ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/ 607 B
864 B 137ms
30ms Document
text/html 209.94.90.1
PROTOCOL

General

Check archive.org

Show headers Download Go to

Full URL: https://ipfs.io/ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/
Requested by: Host: t.co
URL: https://t.co/Lrsh4Biu62
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 209.94.90.1 , United States, ASN40680 (PROTOCOL, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a9d6b09e7fb519392824163bebd9bd8f21450f188536ce235c009fa76f11588

Request headers

Accept-Language: en-AU,en;q=0.9;q=0.9
Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-headers: Content-Type Range User-Agent X-Requested-With
access-control-allow-methods: GET HEAD OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length Content-Range X-Chunked-Output X-Ipfs-Path X-Ipfs-Roots X-Stream-Output
age: 13081
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=29030400, immutable
cf-cache-status: HIT
cf-ray: 883a7381a8d35d35-SYD
content-encoding: br
content-type: text/html
date: Tue, 14 May 2024 11:12:05 GMT
server: cloudflare
vary: Accept-Encoding
x-ipfs-path: /ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/
x-ipfs-pop: rainbow-sg1-01
x-ipfs-roots: QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG

OPTIONS
H3 200 /
cloudflare-eth.com/ 0
0 37ms
22ms Preflight 104.18.10.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cloudflare-eth.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.10.112 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ipfs.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-ray: 883a73821da3a888-SYD
content-length: 0
date: Tue, 14 May 2024 11:12:05 GMT
server: cloudflare
vary: Accept-Encoding

POST
H3 200 /
cloudflare-eth.com/ 230 B
262 B 438ms
437ms Fetch
application/json 104.18.10.112
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cloudflare-eth.com/
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.10.112 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://ipfs.io/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 14 May 2024 11:12:05 GMT
x-cf-eth-has-latest-tag: true
content-encoding: br
x-cf-eth-methods: eth_call
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 883a73823dc9a888-SYD
access-control-allow-headers: Content-Type
alt-svc: h3=":443"; ma=86400

GET
H2

200

favicon.ico
ipfs.tech/
Redirect Chain

https://ipfs.io/favicon.ico
https://ipfs.tech/favicon.ico

15 KB
5 KB

305ms
283ms

Other
image/x-icon

103.180.114.1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://ipfs.tech/favicon.ico

Protocol

Server

103.180.114.1 , Australia, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-SYD1-1151 /

Resource Hash

94a9fefbbe42310c03ff1e52c1f753c21038805f632867ea78930a52c445a456

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-AU,en;q=0.9;q=0.9
Referer: https://ipfs.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Tue, 14 May 2024 11:12:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests
content-encoding: br
cdn-edgestorageid: 1151
x-cache-status: MISS
cdn-cachedat: 04/28/2024 14:02:29
cdn-pullzone: 2016121
x-xss-protection: 0
x-request-id: fc81df0754a319e3ce761b5492cda238
referrer-policy: strict-origin-when-cross-origin
server: BunnyCDN-SYD1-1151
cdn-proxyver: 1.04
x-ipfs-roots: bafybeigi77rim3p5tw3upw2ca4ep5ng7uaarvrz46zidd2ai6cjh46yxoy,QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT
etag: W/"QmULFXXZMtQ2wCXDU6L8d9R4bYiQi7GpENhhZFF7ctPJDT"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: image/x-icon
access-control-allow-origin: *
cdn-cache: REVALIDATED
cdn-uid: 070ccd6e-b4b0-4c90-b45a-e26d7534205d
access-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output
cache-control: max-age=60, stale-while-revalidate=3600
x-ipfs-path: /ipfs/bafybeigi77rim3p5tw3upw2ca4ep5ng7uaarvrz46zidd2ai6cjh46yxoy/favicon.ico
cdn-requestpullcode: 200
cdn-requestid: 188c7220e76ee9729ad554050a3edc3e
cdn-requestcountrycode: AU
access-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With
cdn-status: 200
cdn-requestpullsuccess: True

Redirect headers

date: Tue, 14 May 2024 11:12:05 GMT
cf-cache-status: HIT
x-ipfs-pop: rainbow-sg1-01
server: cloudflare
age: 121
vary: Accept-Encoding
content-type: text/html
location: https://ipfs.tech/favicon.ico
cf-ray: 883a7381f9525d35-SYD
alt-svc: h3=":443"; ma=86400

GET
H3 200 Primary Request / Show response
access-bittrex.com/ 150 KB
18 KB 878ms
625ms Document
text/html 172.67.190.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://access-bittrex.com/
Requested by: Host: ipfs.io
URL: https://ipfs.io/ipfs/QmY3nvzB3k7vyrp2q9i6ZfpLW87aNSd1GjYDv2E6N3DZSG/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.190.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07b5fc6a7335b66e0476078d28f38aef55c9f2d4467b4231b31736d065a01b74

Request headers

Accept-Language: en-AU,en;q=0.9;q=0.9
Referer: https://ipfs.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 883a73869e2ba96b-SYD
content-encoding: br
content-type: text/html
date: Tue, 14 May 2024 11:12:06 GMT
last-modified: Tue, 14 May 2024 06:14:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=meUyGi6TqxxRG4UCitbFnDoV5hboD9E7g%2FUDMEIqakmVEOJfbZLp%2FJSpSS1I5DSsqoF2IE0tSJiCRss2ePFT1UuHLftZdbFmODlSuZA9zaEqXb578%2Fkl60cDMAmB5NygTLn8pxM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 css2
fonts.googleapis.com/ 6 KB
1 KB 199ms
96ms Stylesheet
text/css 172.217.167.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,100..900;1,100..900&display=swap

Requested by

Host: access-bittrex.com
URL: https://access-bittrex.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.167.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s17-in-f10.1e100.net

Software

ESF /

Resource Hash

06a4d0f4756ba97aaf8adbda569bd8073f6e9292cecad3fa690a411615abace7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Tue, 14 May 2024 11:12:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 14 May 2024 10:15:12 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 14 May 2024 11:12:06 GMT

GET
H3 200 interface.js Show response
access-bittrex.com/app/ 524 KB
132 KB 32ms
31ms Script
application/javascript 172.67.190.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://access-bittrex.com/app/interface.js
Requested by: Host: access-bittrex.com
URL: https://access-bittrex.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.190.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fe91cc0b809daf8d6d8f90b6522995df35764f75ac822da70368f6d5f17ff14

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 11:12:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 May 2024 06:14:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5561
etag: W/"82ea0-61863eb35d237-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iBr93hl3pLvkF9udIhbwgo4UmFGOiXyAjHi5YvY6fi4ix6zaj2%2Ft6bEyboDrgaw3faxy%2BSLVPnifjlLU%2B7lRjTd%2FcQl%2FOZGLm%2ByXfUIcPkBgl69wMciCBcjehtjwZMFhor5v0EA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 883a738bede9a96b-SYD
alt-svc: h3=":443"; ma=86400

GET
H3 200 contracts.js Show response
access-bittrex.com/app/ 81 KB
9 KB 18ms
17ms Script
application/javascript 172.67.190.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://access-bittrex.com/app/contracts.js
Requested by: Host: access-bittrex.com
URL: https://access-bittrex.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.190.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a3da485231f198723b6134f734db0fabcdd23afea566ce459798eb6f42d5fcd

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 11:12:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 May 2024 06:14:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5561
etag: W/"14365-61863eb7ffa79-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjz9qGriWbMe4vVIOmAsnx%2Bc2QNd8k4ad4A6PpBi0Rtcf6FeVpIdHlaNKU6KaOuZA0qjcHFG1WQTUmEHyh5Bxc%2BHSdYVw%2BzeNnpYMiJRZaTkDGHp1xd9nyTFgBanTKPi%2FchATJM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 883a738bedeba96b-SYD
alt-svc: h3=":443"; ma=86400

GET
H3 200 main.js Show response
access-bittrex.com/app/ 912 KB
297 KB 28ms
28ms Script
application/javascript 172.67.190.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://access-bittrex.com/app/main.js
Requested by: Host: access-bittrex.com
URL: https://access-bittrex.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.190.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5c0c7c18af59de48160313c92794ff362c104dd7618979ee769e3cb34f2c72b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 11:12:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 May 2024 06:14:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5561
etag: W/"e4135-61863eb0af989-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ByJ6ukJ3ADS0CzJccqMY3Gc%2B5B06Qwr1okPqUg7aowsUqCvURij9mvUDtJBkFx1YUIxRCuxLMsB94adNVYMhu0KIaHvr3PqELaTJ1IyK%2FPwGN6JSGmo1k%2F5ZXm4YQDcyxmPWMU4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 883a738c0e10a96b-SYD
alt-svc: h3=":443"; ma=86400

GET
H3 200 entry.js Show response
access-bittrex.com/app/ 312 KB
122 KB 26ms
26ms Script
application/javascript 172.67.190.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://access-bittrex.com/app/entry.js
Requested by: Host: access-bittrex.com
URL: https://access-bittrex.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.190.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77f0d8a527702380293820ad6d80818891586072ba4f01056cac0155d0899977

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 11:12:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 May 2024 06:14:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5561
etag: W/"4e11e-61863eb5b9a08-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eay8uHwBPwHZaju2%2Bz%2Fh%2Fi1%2Fn5WBihimOZL5uYoBqG99a%2BYUzM9J8mAIShgD5chWPz9SFFZWtEig6UN3Sm4D8PiUlfG%2Bf%2FkXNW4z4lJXkQgbfkYWxa0festE%2Ffup%2B7aysenK4cc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 883a738c3e3aa96b-SYD
alt-svc: h3=":443"; ma=86400

GET
H3 200 bittrex-logo-mark-global.svg
access-bittrex.com/Content/img/Lineage/ 7 KB
3 KB 30ms
30ms Image
image/svg+xml 172.67.190.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://access-bittrex.com/Content/img/Lineage/bittrex-logo-mark-global.svg
Requested by: Host: access-bittrex.com
URL: https://access-bittrex.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.190.50 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa28771468afc9e70afc33433a18c9358b114325ca38980ef36139fde0ea3bba

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 14 May 2024 11:12:07 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 May 2024 06:14:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5561
etag: W/"1c07-61863e923ac58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lAOHE8UTVddtAumU6jDtVxwGo27PbOdfRvPJmE8IQ5geqI4UFho%2BuAFPMqXh8CVaYezr9MWBXLx%2BSGPciKD7842Ga5MUBv4H65Sw8%2F%2FsIuQO3YypjzCppmRg3MwfMuYIoqv%2B5EE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 883a738c5e6da96b-SYD
alt-svc: h3=":443"; ma=86400

POST
H2 200 9aa3d95b3bc440fa88ea12eaa4456161 Show response
mainnet.infura.io/v3/ 230 B
370 B 203ms
194ms Fetch
application/json 44.218.226.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mainnet.infura.io/v3/9aa3d95b3bc440fa88ea12eaa4456161
Requested by: Host: access-bittrex.com
URL: https://access-bittrex.com/app/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.218.226.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-218-226-60.compute-1.amazonaws.com
Software: /
Resource Hash: 590db2bc85860d6932445df3299827509ece33a8a2f1ae734578fd7c36f1eff7

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://access-bittrex.com/
Accept-Language: en-AU,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
content-type: application/json

Response headers

access-control-allow-origin: https://access-bittrex.com
date: Tue, 14 May 2024 11:12:07 GMT
content-length: 230
vary: Origin, Accept-Encoding
content-type: application/json

OPTIONS
H2 200 9aa3d95b3bc440fa88ea12eaa4456161
mainnet.infura.io/v3/ 0
0 602ms
194ms Preflight 44.218.226.60
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mainnet.infura.io/v3/9aa3d95b3bc440fa88ea12eaa4456161
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.218.226.60 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-218-226-60.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://access-bittrex.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://access-bittrex.com
access-control-max-age: 86400
content-length: 0
date: Tue, 14 May 2024 11:12:07 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2

200

favicon.ico
bittrex.com/
Redirect Chain

https://global.bittrex.com/favicon.ico
https://bittrex.com/favicon.ico

318 B
328 B

27ms
20ms

Other
image/x-icon

104.16.122.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bittrex.com/favicon.ico

Protocol

Server

104.16.122.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49180d5c1eba5fad60027e2343d0fd3e53f2d733804743c0184b7ff78052e81e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-AU,en;q=0.9;q=0.9
Referer: https://access-bittrex.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Tue, 14 May 2024 11:12:07 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 16 Jan 2024 20:47:55 GMT
server: cloudflare
age: 229
etag: W/"19b0f847bd48da1:0"
x-download-options: noopen
vary: Accept-Encoding
content-type: image/x-icon
content-encoding: gzip
cf-ray: 883a738fbc4c5587-SYD
x-xss-protection: 1; mode=block

Redirect headers

date: Tue, 14 May 2024 11:12:07 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/html
location: https://bittrex.com/favicon.ico
cache-control: max-age=3600
cf-ray: 883a738f9c2f5587-SYD
content-length: 167
expires: Tue, 14 May 2024 12:12:07 GMT

POST authenticate
tokenmap.sh/api/ 0
0

OPTIONS
H3 200 authenticate
tokenmap.sh/api/ 0
0 430ms
410ms Preflight
text/html 172.67.198.167
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tokenmap.sh/api/authenticate
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.198.167 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://access-bittrex.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: jwt, session, content-type
access-control-allow-origin: https://access-bittrex.com
access-control-max-age: 86400
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 883a739348d7a97d-SYD
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 14 May 2024 11:12:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2BpoR4JaIrTUg6RCPnVk7h7efE3NdzmXUg6i02dCLf9mccJ6nXHavrNJj7IN8V%2Bl6rRKkxKTrYVHNe8Xc4096%2FSM4aZVbpesHv%2BocwzrY%2Bs5IlApiahIrAozqoOeuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tokenmap.sh
URL: https://tokenmap.sh/api/authenticate

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bittrex (Crypto Exchange)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 06:10:45	Name: muc Value: 1f24d24c-4dd1-4503-b112-ff0c328eee57
.t.co/	1970-01-21 06:10:45	Name: muc_ads Value: 1f24d24c-4dd1-4503-b112-ff0c328eee57
.bittrex.com/	1970-01-20 20:34:46	Name: __cf_bm Value: V.S9vIPdZSWTRsYs_cUsdBufFJJBmfASpjzdixRIfZQ-1715685127-1.0.1.1-GWBONBOKoToKAO215d6OLWWrBBIRHO7JdOTOma5UDe3kSg7ikzjX2MOU4gYDj8LDO4phSpE5k4.7ZDmAaMVgww
.bittrex.com/	1969-12-31 23:59:59	Name: _cfuvid Value: FaK9aL_o6CNO31Rr_jFmdhOi86j3WcDh5IEVFbvxUh4-1715685127629-0.0.1.1-604800000

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://access-bittrex.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://access-bittrex.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://access-bittrex.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://access-bittrex.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

access-bittrex.com
bittrex.com
cloudflare-eth.com
fonts.googleapis.com
global.bittrex.com
ipfs.io
ipfs.tech
mainnet.infura.io
t.co
tokenmap.sh
tokenmap.sh
103.180.114.1
104.16.122.227
104.18.10.112
104.244.42.69
172.217.167.106
172.67.190.50
172.67.198.167
209.94.90.1
44.218.226.60
06a4d0f4756ba97aaf8adbda569bd8073f6e9292cecad3fa690a411615abace7
07b5fc6a7335b66e0476078d28f38aef55c9f2d4467b4231b31736d065a01b74
1a3da485231f198723b6134f734db0fabcdd23afea566ce459798eb6f42d5fcd
49180d5c1eba5fad60027e2343d0fd3e53f2d733804743c0184b7ff78052e81e
590db2bc85860d6932445df3299827509ece33a8a2f1ae734578fd7c36f1eff7
6fe91cc0b809daf8d6d8f90b6522995df35764f75ac822da70368f6d5f17ff14
77f0d8a527702380293820ad6d80818891586072ba4f01056cac0155d0899977
7a9d6b09e7fb519392824163bebd9bd8f21450f188536ce235c009fa76f11588
94a9fefbbe42310c03ff1e52c1f753c21038805f632867ea78930a52c445a456
a5c0c7c18af59de48160313c92794ff362c104dd7618979ee769e3cb34f2c72b
aa28771468afc9e70afc33433a18c9358b114325ca38980ef36139fde0ea3bba

access-bittrex.com Open in urlscan Pro 172.67.190.50 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

82 %HTTPS

0 %IPv6

9 Domains

10 Subdomains

10 IPs

3 Countries

589 kBTransfer

2008 kBSize

4 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

35 JavaScript Global Variables

4 Cookies

4 Console Messages

Security Headers

Indicators

access-bittrex.com Open in urlscan Pro
172.67.190.50 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

0 %
IPv6

9
Domains

10
Subdomains

10
IPs

3
Countries

589 kB
Transfer

2008 kB
Size

4
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!