binanceteam.epizy.com Open in urlscan Pro
185.27.134.139 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://binanceteam.epizy.com/
Effective URL:
http://binanceteam.epizy.com/?i=1
Submission: On July 17 via manual (July 17th 2019, 10:06:32 am UTC) from JP

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 185.27.134.139, located in United Kingdom and belongs to WILDCARD-AS Wildcard UK Limited, GB. The main domain is binanceteam.epizy.com.

This is the only time binanceteam.epizy.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Binance (Crypto Exchange) Generic Crypto (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
3	185.27.134.139 185.27.134.139	34119 (WILDCARD-...) (WILDCARD-AS Wildcard UK Limited)
1	54.239.168.113 54.239.168.113	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	151.101.112.193 151.101.112.193	54113 (FASTLY) (FASTLY - Fastly)
13	5

3 185.27.134.139 (United Kingdom)

ASN34119 (WILDCARD-AS Wildcard UK Limited, GB)
PTR: 13913427185.ifastnet.org

binanceteam.epizy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.239.168.113 (Atlanta, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-239-168-113.fra50.r.cloudfront.net

www.binance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

chart.apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.193 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	epizy.com binanceteam.epizy.com	36 KB
1	imgur.com i.imgur.com	126 KB
1	google.com chart.apis.google.com	2 KB
1	binance.com www.binance.com	2 KB
0	blockchain.info Failed blockchain.info Failed
13	5

	Domain	Requested by
3	binanceteam.epizy.com	binanceteam.epizy.com
1	i.imgur.com	binanceteam.epizy.com
1	chart.apis.google.com	binanceteam.epizy.com
1	www.binance.com	binanceteam.epizy.com
0	blockchain.info Failed	binanceteam.epizy.com
13	5

This site contains no links.

Subject Issuer	Validity	Valid
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
*.binance.com GeoTrust RSA CA 2018	`2018-02-27` - `2020-02-27`	2 years	crt.sh
*.apis.google.com Google Internet Authority G3	`2019-06-18` - `2019-09-10`	3 months	crt.sh
*.imgur.com DigiCert SHA2 Secure Server CA	`2018-12-14` - `2020-02-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://binanceteam.epizy.com/?i=1
Frame ID: 9CF26B69F9959C7E1EB3A4D923587F86
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://binanceteam.epizy.com/ Page URL
http://binanceteam.epizy.com/?i=1 Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

13
Requests

23 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

167 kB
Transfer

182 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://binanceteam.epizy.com/ Page URL
http://binanceteam.epizy.com/?i=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=1CK9kT35qZHGAb7kuqZeKfKQc3j6Ezt8JZ&chld=H|0 HTTP 307
https://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=1CK9kT35qZHGAb7kuqZeKfKQc3j6Ezt8JZ&chld=H|0

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
binanceteam.epizy.com/ 832 B
831 B 81ms
30ms Document
text/html 185.27.134.139
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://binanceteam.epizy.com/
Protocol: HTTP/1.1
Server: 185.27.134.139 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: 13913427185.ifastnet.org
Software: nginx /
Resource Hash: 60a789b6776acab873540f070dedf231d464cb4f28abefacfb7749403d2b59d1

Request headers

Host: binanceteam.epizy.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx
Date: Wed, 17 Jul 2019 10:06:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip

GET
H/1.1 200
OK aes.js Show response
binanceteam.epizy.com/ 30 KB
31 KB 31ms
30ms Script
application/javascript 185.27.134.139
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://binanceteam.epizy.com/aes.js
Requested by: Host: binanceteam.epizy.com
URL: http://binanceteam.epizy.com/
Protocol: HTTP/1.1
Security: , ,
Server: 185.27.134.139 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: 13913427185.ifastnet.org
Software: nginx /
Resource Hash: d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

Request headers

Referer: http://binanceteam.epizy.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 17 Jul 2019 10:06:13 GMT
Last-Modified: Sat, 08 Aug 2015 08:12:26 GMT
Server: nginx
ETag: "55c5b9ea-79e6"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31206

GET
H/1.1 200
OK Primary Request / Show response
binanceteam.epizy.com/ 20 KB
5 KB 2918ms
2917ms Document
text/html 185.27.134.139
WILDCARD-AS Wildc...

General

Check archive.org

Show headers Download Go to

Full URL: http://binanceteam.epizy.com/?i=1
Requested by: Host: binanceteam.epizy.com
URL: http://binanceteam.epizy.com/
Protocol: HTTP/1.1
Server: 185.27.134.139 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS: 13913427185.ifastnet.org
Software: nginx /
Resource Hash: 78941dcddfd1fc9bcc40fe33cd3e3ce292eae35353013bbefe4e012eca0bcf04

Request headers

Host: binanceteam.epizy.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://binanceteam.epizy.com/
Accept-Encoding: gzip, deflate
Cookie: __test=67d46f6c580ea17cd53225bcbeb67d0d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://binanceteam.epizy.com/

Response headers

Server: nginx
Date: Wed, 17 Jul 2019 10:06:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=0
Expires: Wed, 17 Jul 2019 10:06:13 GMT
Content-Encoding: gzip

GET overrides.min.css
blockchain.info/Resources/ 0
0

GET jquery.min.js
blockchain.info/Resources/js/ 0
0

GET bootstrap.min.js
blockchain.info/Resources/js/ 0
0

GET shared.min.js
blockchain.info/Resources/js/ 0
0

GET blockchain.css
blockchain.info/Resources/css/ 0
0

GET payment-request.css
blockchain.info/Resources/ 0
0

GET app-overrides.css
blockchain.info/Resources/ 0
0

GET
H2 200 logo-en.svg
www.binance.com/resources/img/ 4 KB
2 KB 583ms
276ms Image
image/svg+xml 54.239.168.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.binance.com/resources/img/logo-en.svg

Requested by

Host: binanceteam.epizy.com
URL: http://binanceteam.epizy.com/?i=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.239.168.113 Atlanta, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-54-239-168-113.fra50.r.cloudfront.net

Software

Tengine /

Resource Hash

53513e352a3559410d4202a1f0a80a7ac2e5390a34ea4b60dbc4d4a9c31380c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://binanceteam.epizy.com/?i=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 17 Jul 2019 10:05:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-amz-cf-pop: FRA50
x-cache: Miss from cloudfront
status: 200
strict-transport-security: max-age=31536000; includeSubdomains
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin
last-modified: Mon, 15 Jul 2019 12:13:00 GMT
server: Tengine
x-frame-options: SAMEORIGIN
etag: W/"3899-1563192780000"
vary: Accept-Encoding
content-type: image/svg+xml;charset=UTF-8
via: 1.1 f96185b1d69d6f85635bc2b5554da639.cloudfront.net (CloudFront)
x-amz-cf-id: 4nFAQJZV-QZblWpPwuQ4_4KmFH6LEu27nAQdX9GkaxXCxhyWS30M0g==

GET
H2

200

chart
chart.apis.google.com/
Redirect Chain

http://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=1CK9kT35qZHGAb7kuqZeKfKQc3j6Ezt8JZ&chld=H|0
https://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=1CK9kT35qZHGAb7kuqZeKfKQc3j6Ezt8JZ&chld=H|0

2 KB
2 KB

25ms
6ms

Image
image/png

2a00:1450:4001:809::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=1CK9kT35qZHGAb7kuqZeKfKQc3j6Ezt8JZ&chld=H|0

Requested by

Host: binanceteam.epizy.com
URL: http://binanceteam.epizy.com/?i=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GoogleChartAPI/1.0 /

Resource Hash

e02635b1ee250e60ac4efaafa29ce5c01257882a1ce780f0b95c92beb55649a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOWALL
X-Xss-Protection	1; mode=block

Request headers

Referer: http://binanceteam.epizy.com/?i=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 16 Jul 2019 21:34:47 GMT
x-content-type-options: nosniff
last-modified: Wed, 02 May 2018 18:35:04 GMT
server: GoogleChartAPI/1.0
age: 45070
x-frame-options: ALLOWALL
content-type: image/png
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=86400
access-control-allow-origin: *
content-length: 1798
x-xss-protection: 1; mode=block
expires: Wed, 17 Jul 2019 21:34:47 GMT

Redirect headers

Location: https://chart.apis.google.com/chart?cht=qr&chs=300x300&chl=1CK9kT35qZHGAb7kuqZeKfKQc3j6Ezt8JZ&chld=H|0
Non-Authoritative-Reason: HSTS

GET
H2 200 T1X5ZPT.gif
i.imgur.com/ 126 KB
126 KB 1338ms
25ms Image
image/gif 151.101.112.193
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.imgur.com/T1X5ZPT.gif
Requested by: Host: binanceteam.epizy.com
URL: http://binanceteam.epizy.com/?i=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: cat factory 1.0 /
Resource Hash: 51db6c4f053f0649837ec06f4890fb346b0c62df43990e2c0f6ddd784468ce8d

Request headers

Referer: http://binanceteam.epizy.com/?i=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 17 Jul 2019 10:05:58 GMT
age: 3027273
x-cache: HIT, HIT
status: 200
content-length: 128768
x-served-by: cache-bwi5140-BWI, cache-hhn4047-HHN
last-modified: Mon, 19 Feb 2018 23:27:31 GMT
server: cat factory 1.0
x-timer: S1563357959.604368,VS0,VE4
etag: "fba7462ec7c9fd5d740d834bf646e2c2"
access-control-allow-methods: GET, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: blockchain.info
URL: https://blockchain.info/Resources/overrides.min.css?18005c9c8eb43636

Domain: blockchain.info
URL: https://blockchain.info/Resources/js/jquery.min.js

Domain: blockchain.info
URL: https://blockchain.info/Resources/js/bootstrap.min.js?18005c9c8eb43636

Domain: blockchain.info
URL: https://blockchain.info/Resources/js/shared.min.js?18005c9c8eb43636

Domain: blockchain.info
URL: https://blockchain.info/Resources/css/blockchain.css?18005c9c8eb43636

Domain: blockchain.info
URL: https://blockchain.info/Resources/payment-request.css?18005c9c8eb43636

Domain: blockchain.info
URL: https://blockchain.info/Resources/app-overrides.css?18005c9c8eb43636

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Binance (Crypto Exchange) Generic Crypto (Crypto Exchange)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

binanceteam.epizy.com
blockchain.info
chart.apis.google.com
i.imgur.com
www.binance.com
blockchain.info
151.101.112.193
185.27.134.139
2a00:1450:4001:809::200e
54.239.168.113
51db6c4f053f0649837ec06f4890fb346b0c62df43990e2c0f6ddd784468ce8d
53513e352a3559410d4202a1f0a80a7ac2e5390a34ea4b60dbc4d4a9c31380c8
60a789b6776acab873540f070dedf231d464cb4f28abefacfb7749403d2b59d1
78941dcddfd1fc9bcc40fe33cd3e3ce292eae35353013bbefe4e012eca0bcf04
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc
e02635b1ee250e60ac4efaafa29ce5c01257882a1ce780f0b95c92beb55649a6

binanceteam.epizy.com Open in urlscan Pro 185.27.134.139 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

23 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

5 IPs

3 Countries

167 kBTransfer

182 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

binanceteam.epizy.com Open in urlscan Pro
185.27.134.139 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

23 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

167 kB
Transfer

182 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!