coinbasereward.bitbucket.io Open in urlscan Pro
16.63.53.135 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html
Effective URL:
https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/
Submission: On April 23 via manual (April 23rd 2024, 3:43:37 pm UTC) from IL — Scanned from IL

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 12 HTTP transactions. The main IP is 16.63.53.135, located in Zurich, Switzerland and belongs to AMAZON-02, US. The main domain is coinbasereward.bitbucket.io.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on January 16th 2024. Valid for: 5 months.

This is the only time coinbasereward.bitbucket.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
2	52.218.179.65 52.218.179.65	16509 (AMAZON-02) (AMAZON-02)
3	16.63.53.135 16.63.53.135	16509 (AMAZON-02) (AMAZON-02)
3	104.18.35.15 104.18.35.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.217.18.4 172.217.18.4	15169 (GOOGLE) (GOOGLE)
12	5

2 52.218.179.65 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-w.amazonaws.com

sdrive-storage.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 16.63.53.135 (Zurich, Switzerland)

ASN16509 (AMAZON-02, US)
PTR: ec2-16-63-53-135.eu-central-2.compute.amazonaws.com

coinbasereward.bitbucket.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.35.15 (None, )

ASN13335 (CLOUDFLARENET, US)

login.coinbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.4 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	coinbase.com login.coinbase.com — Cisco Umbrella Rank: 33565	21 KB
3	bitbucket.io coinbasereward.bitbucket.io	7 KB
2	amazonaws.com sdrive-storage.s3.amazonaws.com	1 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2
12	4

	Domain	Requested by
3	login.coinbase.com	coinbasereward.bitbucket.io login.coinbase.com
3	coinbasereward.bitbucket.io	coinbasereward.bitbucket.io
2	sdrive-storage.s3.amazonaws.com
1	www.google.com	coinbasereward.bitbucket.io
12	4

This site contains links to these domains. Also see Links.

Domain
coinbase.com

Subject Issuer	Validity	Valid
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-03`	9 months	crt.sh
*.bitbucket.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-16` - `2024-06-15`	5 months	crt.sh
coinbase.com Cloudflare Inc ECC CA-3	`2024-02-05` - `2024-12-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/
Frame ID: EA9D5749FFAAE6A52DB181361741E062
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcTV7IcAAAAAI1CwwRBm58wKn1n6vwyV1QFaoxr&co=aHR0cHM6Ly9sb2dpbi5jb2luYmFzZS5jb206NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&theme=light&size=invisible&badge=bottomright&sa=password&cb=tfdheag47j6e
Frame ID: 17943587D37BF504B58DAEFB1DDB8FD6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Coinbase - Sign In

Page URL History Show full URLs

http://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html HTTP 307
https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html Page URL
https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b... Page URL

Page Statistics

12
Requests

75 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

29 kB
Transfer

118 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://coinbase.com/legal/cookie
Title: Cookie Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html HTTP 307
https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html Page URL
https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html HTTP 307
https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

cb.html Show response
sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/
Redirect Chain

http://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html
https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html

192 B
668 B

825ms
286ms

Document
text/html

52.218.179.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.218.179.65 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4b9a4857bb20ce2f692cec460b4dfd52b460af8adc6e154c0a6238b22e96a399

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: public, max-age=315360000
Content-Length: 192
Content-Type: text/html
Date: Tue, 23 Apr 2024 15:43:32 GMT
ETag: "3da4fb7f278aaeea68b01551e3cb4897"
Expires: Tue, 18 Apr 2034 03:54:20 GMT
Last-Modified: Sat, 20 Apr 2024 03:54:22 GMT
Server: AmazonS3
x-amz-id-2: 9gM7MVzMcZhafVIsUn5IAaO83aDCC/1GC6Pc751NavTLH/VORDEYdDsnZDRd4c7T4EqqkofoI6c=
x-amz-request-id: 6WZ69XQDVMXRHPCG
x-amz-server-side-encryption: AES256

Redirect headers

Location: https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 Primary Request / Show response
coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ 16 KB
7 KB 745ms
526ms Document
text/html 16.63.53.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

16.63.53.135 Zurich, Switzerland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-16-63-53-135.eu-central-2.compute.amazonaws.com

Software

AtlassianEdge /

Resource Hash

0ffedba578ac33bb1a4c02a6286de98f4e3c5f68cebb4305c15f5194cc918690

Security Headers

Name	Value
Content-Security-Policy	None
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://sdrive-storage.s3.amazonaws.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

atl-traceid: d2e19376ac20496f8eb163e1896b8708
cache-control: max-age=900
content-encoding: gzip
content-language: en
content-security-policy: None
content-type: text/html
date: Tue, 23 Apr 2024 15:43:32 GMT
etag: W/"01fc3828ea1d603ce204912306eb0aa9"
last-modified: Fri, 19 Apr 2024 12:31:28 GMT
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
server: AtlassianEdge
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Language, Origin
x-b3-spanid: 22291e12140e9521
x-b3-traceid: d2e19376ac20496f8eb163e1896b8708
x-content-type-options: nosniff
x-dc-location: Micros-3
x-render-time: 0.047133445739746094
x-request-count: 3623
x-served-by: b379a2dd9de5
x-static-version: 28002f69de3d
x-usage-input-ops: 0
x-usage-output-ops: 0
x-usage-quota-remaining: 999332.009
x-usage-request-cost: 681.53
x-usage-system-time: 0.004045
x-usage-user-time: 0.016401
x-used-mesh: False
x-version: 28002f69de3d
x-view-name: bitbucket.apps.hosted.views.serve
x-xss-protection: 1; mode=block

GET
H/1.1 403
Forbidden favicon.ico
sdrive-storage.s3.amazonaws.com/ 243 B
520 B 268ms
268ms Other
application/xml 52.218.179.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sdrive-storage.s3.amazonaws.com/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.218.179.65 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-w.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://sdrive-storage.s3.amazonaws.com/seconline/66233c6c781b55/14941025/cb.html
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 23 Apr 2024 15:43:31 GMT
Server: AmazonS3
x-amz-request-id: 6WZFZJ5Y9W2RGH2Y
x-amz-id-2: 3SLkF5e3WYPjU6G8jWcWnzGRJ1Aiy5qKZSGv6m2H1BY0BOQPksyBZgDFr+mDJO8QshSaWojKmms=
Transfer-Encoding: chunked
Content-Type: application/xml

GET
H2 404 37088.377b390eb666b5823bf2.js
coinbasereward.bitbucket.io/static/ 0
0 516ms
514ms Script
text/plain 16.63.53.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbasereward.bitbucket.io/static/37088.377b390eb666b5823bf2.js

Requested by

Host: coinbasereward.bitbucket.io
URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

16.63.53.135 Zurich, Switzerland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-16-63-53-135.eu-central-2.compute.amazonaws.com

Software

AtlassianEdge /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	None
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 28002f69de3d
content-security-policy: None
x-used-mesh: False
x-b3-traceid: 004d9a85666b40c4b00afc23a89deb9f
x-usage-output-ops: 0
x-usage-system-time: 0.004039
x-served-by: 998e4eeace60
x-usage-quota-remaining: 998884.657
x-dc-location: Micros-3
etag: "01fc3828ea1d603ce204912306eb0aa9"
vary: Accept-Language, Origin
content-type: text/plain
content-language: en
cache-control: max-age=900
x-request-count: 3911
date: Tue, 23 Apr 2024 15:43:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-render-time: 0.032459259033203125
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
atl-traceid: 004d9a85666b40c4b00afc23a89deb9f
x-usage-user-time: 0.013850
x-view-name: bitbucket.apps.hosted.views.serve
x-static-version: 28002f69de3d
content-length: 14
x-xss-protection: 1; mode=block
x-usage-request-cost: 596.30
last-modified: Fri, 19 Apr 2024 12:31:28 GMT
server: AtlassianEdge
x-usage-input-ops: 0
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
x-b3-spanid: 9338a27e880d897b

GET
H2 404 main.6118e8fe1323fa69a40d.js
coinbasereward.bitbucket.io/static/ 0
0 529ms
527ms Script
text/plain 16.63.53.135
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://coinbasereward.bitbucket.io/static/main.6118e8fe1323fa69a40d.js

Requested by

Host: coinbasereward.bitbucket.io
URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

16.63.53.135 Zurich, Switzerland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-16-63-53-135.eu-central-2.compute.amazonaws.com

Software

AtlassianEdge /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	None
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 28002f69de3d
content-security-policy: None
x-used-mesh: False
x-b3-traceid: 1520d443f7df44638508a0d1d99c263d
x-usage-output-ops: 0
x-usage-system-time: 0.000646
x-served-by: 71b9ae4dcc1e
x-usage-quota-remaining: 998800.237
x-dc-location: Micros-3
etag: "01fc3828ea1d603ce204912306eb0aa9"
vary: Accept-Language, Origin
content-type: text/plain
content-language: en
cache-control: max-age=900
x-request-count: 3419
date: Tue, 23 Apr 2024 15:43:32 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-render-time: 0.04805254936218262
nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
atl-traceid: 1520d443f7df44638508a0d1d99c263d
x-usage-user-time: 0.019886
x-view-name: bitbucket.apps.hosted.views.serve
x-static-version: 28002f69de3d
content-length: 14
x-xss-protection: 1; mode=block
x-usage-request-cost: 684.40
last-modified: Fri, 19 Apr 2024 12:31:28 GMT
server: AtlassianEdge
x-usage-input-ops: 0
report-to: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
x-b3-spanid: 14ee2d3b2a3129b7

GET
H2 200 styles.6ec3f3d07acb4d9a7dee.css
login.coinbase.com/static/ 98 KB
18 KB 343ms
218ms Stylesheet
text/css 104.18.35.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.coinbase.com/static/styles.6ec3f3d07acb4d9a7dee.css

Requested by

Host: coinbasereward.bitbucket.io
URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c70f8b24f479162e6bfd8d7e7828d7944f2d8e06a6a9ff764cf7e4beb62b080

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri '/csp-logging'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://coinbasereward.bitbucket.io/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 15:43:32 GMT
content-security-policy: base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri '/csp-logging'
via: 1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-content-type-options: nosniff
x-amz-version-id: null
x-amz-cf-pop: IAD89-C1
cf-polished: origSize=100710
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: minify
last-modified: Fri, 06 Oct 2023 16:31:56 GMT
server: cloudflare
etag: W/"4edffceb9e6b8e4059548f83c85097d8"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
cache-control: public, max-age=300
trace-id: 1337488014627730330
cf-ray: 878ef8446e31e3cb-TLV
x-amz-cf-id: F0H6Ev7U6dl0SfddoNxbQTekHJtOFDwAPZLkHC5b5kK8FD8b9csKWg==
expires: Tue, 23 Apr 2024 15:48:32 GMT

GET
H2 200 styles.9c6065ade6c124942da3.css
login.coinbase.com/static/ 3 KB
2 KB 329ms
204ms Stylesheet
text/css 104.18.35.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.coinbase.com/static/styles.9c6065ade6c124942da3.css

Requested by

Host: coinbasereward.bitbucket.io
URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

426199deb52131112ca61c116b47f6f5ff60bcf4f0d5ea829c95b248fbd677ae

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri '/csp-logging'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://coinbasereward.bitbucket.io/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 15:43:32 GMT
content-security-policy: base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri '/csp-logging'
via: 1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-content-type-options: nosniff
x-amz-version-id: null
x-amz-cf-pop: IAD89-C1
cf-polished: origSize=2790
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
cf-bgj: minify
last-modified: Fri, 27 Oct 2023 18:36:54 GMT
server: cloudflare
etag: W/"131cf9cfef46189dbd15759cb4a0efed"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
cache-control: public, max-age=300
trace-id: 2875114733811436773
cf-ray: 878ef8446e2de3cb-TLV
x-amz-cf-id: 81lyMolZgn8KW62JNhrRgvY3T6GXNtkXnb_9SjjOSrC1hYwO_MWX3A==
expires: Tue, 23 Apr 2024 15:48:32 GMT

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 1794 0
0 373ms
143ms Document
text/html 172.217.18.4
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcTV7IcAAAAAI1CwwRBm58wKn1n6vwyV1QFaoxr&co=aHR0cHM6Ly9sb2dpbi5jb2luYmFzZS5jb206NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&theme=light&size=invisible&badge=bottomright&sa=password&cb=tfdheag47j6e

Requested by

Host: coinbasereward.bitbucket.io
URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.4 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-GHZ873Kt6eene1r29IYa8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: he-IL,he;q=0.9;q=0.9
Referer: https://coinbasereward.bitbucket.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-GHZ873Kt6eene1r29IYa8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 23 Apr 2024 15:43:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET 8a6a40a08f92d9a9b3e5.woff2
login.coinbase.com/static/ 0
0

GET 71371380d08a07cda58a.woff2
login.coinbase.com/static/ 0
0

GET 502b733210ea3fdd4bf8.woff2
login.coinbase.com/static/ 0
0

GET
H2 200 favicon.ico
login.coinbase.com/ 557 B
881 B 246ms
246ms Other
image/vnd.microsoft.icon 104.18.35.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://login.coinbase.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.35.15 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b90cdcbe9e842bf371d9c5e7dd13359fde26879a4642ad6f752e86a65fab4fb5

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri '/csp-logging'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://coinbasereward.bitbucket.io/
Accept-Language: he-IL,he;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 15:43:33 GMT
content-security-policy: base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri '/csp-logging'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
x-amz-version-id: null
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
content-encoding: gzip
x-cache: Miss from cloudfront
cf-cache-status: MISS
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Tue, 23 Apr 2024 14:35:13 GMT
server: cloudflare
etag: W/"52bad1d125e93b0235a76b87996a82d0"
x-download-options: noopen
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/vnd.microsoft.icon
cache-control: public, max-age=7200
trace-id: 8920616441845856422
cf-ray: 878ef84a5deae3cb-TLV
x-amz-cf-id: 8lGbBKkmUoxeSg0BDiTmR4GTXLnGRXvSIo8o6WujOCHK6sauxqezXg==
expires: Tue, 23 Apr 2024 17:43:33 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: login.coinbase.com
URL: https://login.coinbase.com/static/8a6a40a08f92d9a9b3e5.woff2

Domain: login.coinbase.com
URL: https://login.coinbase.com/static/71371380d08a07cda58a.woff2

Domain: login.coinbase.com
URL: https://login.coinbase.com/static/502b733210ea3fdd4bf8.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.coinbase.com/	1970-01-20 20:04:48	Name: __cf_bm Value: iu1lJ9q0xUuJXyieTeB0G4QR594oAFFTi3aMWI08G7Q-1713887012-1.0.1.1-1mqn.uO9IUpPY7ZhcCcDLoYQh7Rrz_MrbHEKYoPd5R3WuafW_bN.wG249QTNNffwJvt5mf83NwRwIVjLJdB5cg

18 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sdrive-storage.s3.amazonaws.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
security	error	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Unrecognized Content-Security-Policy directive 'None'.
security	error	URL: about:blank Message: Unrecognized Content-Security-Policy directive 'None'.
security	error	URL: about:blank Message: Unrecognized Content-Security-Policy directive 'None'.
security	error	URL: about:blank Message: Unrecognized Content-Security-Policy directive 'None'.
other	warning	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://coinbasereward.bitbucket.io/static/37088.377b390eb666b5823bf2.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Refused to execute script from 'https://coinbasereward.bitbucket.io/static/37088.377b390eb666b5823bf2.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://coinbasereward.bitbucket.io/static/main.6118e8fe1323fa69a40d.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Refused to execute script from 'https://coinbasereward.bitbucket.io/static/main.6118e8fe1323fa69a40d.js' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Access to font at 'https://login.coinbase.com/static/71371380d08a07cda58a.woff2' from origin 'https://coinbasereward.bitbucket.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://login.coinbase.com/static/71371380d08a07cda58a.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Access to font at 'https://login.coinbase.com/static/502b733210ea3fdd4bf8.woff2' from origin 'https://coinbasereward.bitbucket.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://login.coinbase.com/static/502b733210ea3fdd4bf8.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Access to font at 'https://login.coinbase.com/static/8a6a40a08f92d9a9b3e5.woff2' from origin 'https://coinbasereward.bitbucket.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://login.coinbase.com/static/8a6a40a08f92d9a9b3e5.woff2 Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://coinbasereward.bitbucket.io/258660e1-9cfe-4202-9eda-d3beedb3e118&oauth_challenge=3e80a353-428f-42bf-b02b-c874e3f538e2/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

coinbasereward.bitbucket.io
login.coinbase.com
sdrive-storage.s3.amazonaws.com
www.google.com
login.coinbase.com
104.18.35.15
16.63.53.135
172.217.18.4
52.218.179.65
0ffedba578ac33bb1a4c02a6286de98f4e3c5f68cebb4305c15f5194cc918690
426199deb52131112ca61c116b47f6f5ff60bcf4f0d5ea829c95b248fbd677ae
4b9a4857bb20ce2f692cec460b4dfd52b460af8adc6e154c0a6238b22e96a399
5c70f8b24f479162e6bfd8d7e7828d7944f2d8e06a6a9ff764cf7e4beb62b080
b90cdcbe9e842bf371d9c5e7dd13359fde26879a4642ad6f752e86a65fab4fb5

coinbasereward.bitbucket.io Open in urlscan Pro 16.63.53.135 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

75 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

5 IPs

3 Countries

29 kBTransfer

118 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

18 Console Messages

Indicators

coinbasereward.bitbucket.io Open in urlscan Pro
16.63.53.135 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

75 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

29 kB
Transfer

118 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!