731829-coinbase.com Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://731829-coinbase.com/
Effective URL:
http://731829-coinbase.com/start.php
Submission: On February 22 via api (February 22nd 2024, 5:20:30 pm UTC) from DE — Scanned from NL

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is 731829-coinbase.com.

This is the only time 731829-coinbase.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

	IP Address		AS Autonomous System
1 12	2a06:98c1:312... 2a06:98c1:3120::3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2

12 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

731829-coinbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	731829-coinbase.com 1 redirects 731829-coinbase.com	164 KB
12	1

	Domain	Requested by
12	731829-coinbase.com	1 redirects 731829-coinbase.com
12	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://731829-coinbase.com/start.php
Frame ID: 9CEF510B348F7ED9554A0041051ACA71
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Coinbase RecoveryCoinbase logo

Page URL History Show full URLs

http://731829-coinbase.com/ HTTP 302
http://731829-coinbase.com/start.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

163 kB
Transfer

226 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://731829-coinbase.com/ HTTP 302
http://731829-coinbase.com/start.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request start.php Show response
731829-coinbase.com/
Redirect Chain

http://731829-coinbase.com/
http://731829-coinbase.com/start.php

8 KB
3 KB

94ms
94ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/start.php

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04987abfd03283248c6ff0fd3b8f45c4ed4033f876bad306786c70d89fb69d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 8598e62d3a930b7b-AMS
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 22 Feb 2024 17:20:20 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ppM1FUjnqRD2RQmk5a3fB4kOXorBXjnfSlIBn7GOQ87LsakT2dr%2Bu0QEI2eierV4rPnL48vuz2RFEtERL9HjiE7DBgLV%2FeRVgNns2set9D8Mp8MDij7VCnKEp0br8GaYn9YY8PCW8Dm%2BY9%2FpuYby0nu"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
alt-svc: h3=":443"; ma=86400

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 8598e62c49390b7b-AMS
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 22 Feb 2024 17:20:20 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tgqsJPPruX5YNLLKGyrn0eSVTEXRvk3Pj5t1kCBGKiKPo9ly5XVgVZxZOwPmMHtLItiXdYfDN3KM5u1xfvVNQSjzNlBAktC43j2fjXcJtROdFuL2mDMzW1zPcwmZy4xXzAbf8yihTMmOCPKk4s2SqejU"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
alt-svc: h3=":443"; ma=86400
location: start.php

GET
H/1.1 200
OK stylesheet_0.css
731829-coinbase.com/ 13 KB
5 KB 49ms
49ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/stylesheet_0.css

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/start.php

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e9eed01ff6d411d7f2e89b9a62c2a0239d1ecbd426e88a2b3e5b82baf179cf8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://731829-coinbase.com/start.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 32
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 3934
Last-Modified: Mon, 19 Feb 2024 18:21:42 GMT
Server: cloudflare
ETag: "350d-611c02a611005-gzip"
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Type: text/css
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mB0XbJhMy0XLlKxRhSrCPwUb4kcmr%2Bsn5xKwH2kZFu7yZvgZbIxp%2BwXjcfR9dERAJBpacb77rL0%2BpqWgq%2FUZ31CiZMAT2PH%2Bkx36W4mpYTPiwZPvZ67pPPOSnrRjhtLgdut1eCFLgOn50djewV6U4HEC"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62dcb9e0b7b-AMS

GET
H/1.1 200
OK stylesheet_1.css
731829-coinbase.com/ 205 B
972 B 315ms
288ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/stylesheet_1.css

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/start.php

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd14c987c18b76ad3e4b1336ee5bcbd82f18b223ae39503a3648e71d2fd44a8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://731829-coinbase.com/start.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 50
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 155
Last-Modified: Mon, 19 Feb 2024 18:21:43 GMT
Server: cloudflare
ETag: "cd-611c02a68053b-gzip"
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Type: text/css
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lOMvM1pTsjlZ2znOkTs4rINrOW6z3lbmPGr6ffhK8bPPPrLlhWpLoPvXXAb16sTD6sjRfUmHj7D%2FtibGaO2Sbh%2FXsleaBiDWxg%2BQxuXHK866VaY2A2ETZ4N427k7fLRNa71pVc5HCFs8KNrnZ9s7GkF9"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62df95fb90c-AMS

GET
H/1.1 200
OK stylesheet_2.css
731829-coinbase.com/ 525 B
1 KB 180ms
148ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/stylesheet_2.css

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/start.php

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b1890d418e801719fb6701909d07d079004b3fdc5766c67cd4c0ebd56219688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://731829-coinbase.com/start.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 272
Last-Modified: Mon, 19 Feb 2024 18:21:43 GMT
Server: cloudflare
ETag: "20d-611c02a6edb30-gzip"
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Type: text/css
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oqFKBDzYGL9F1FQL5AeRRwpVbcl6EqxszqftsHubGg6L4MFZKcMmSaF9K9f09L5RGHLVuKANsJbQBkfg%2BYGYqeemWDBojLHZyF%2BaQryrlFxtAFC8qzf6eoiSSqIAY0Cjkee5pCYMmpiJbdk6oyOeJ%2BkA"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62dfaa46f11-CDG

GET
H/1.1 200
OK jquery.min.js Show response
731829-coinbase.com/ 86 KB
31 KB 5749ms
5648ms Script
text/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/jquery.min.js

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/start.php

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://731829-coinbase.com/start.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:25 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 30677
Last-Modified: Mon, 19 Feb 2024 18:21:39 GMT
Server: cloudflare
ETag: "15851-611c02a347268-gzip"
Vary: Accept-Encoding
X-Frame-Options: sameorigin
Content-Type: text/javascript
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MkdZ5TPrG5B9Uo3YYa0HIfPihn5ToYtTWaA7RcDMZXeXn%2FEJQB2L50cqESsQ7dhXe1dPXR8FM59dc9lyvGCVP12MUaXJLJvPWvoZA9YbSJpBwDwP1fbx9TSnNti2uYqAQPoISNQdMd4fygzkqmxmaglF"}],"group":"cf-nel","max_age":604800}
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62ea8c742bc-EWR

GET
H/1.1 200
OK 1.woff2
731829-coinbase.com/fonts/ 39 KB
40 KB 168ms
168ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/fonts/1.woff2

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/stylesheet_0.css

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1f75e7f702059493bb74cfcb3178d095b3f6da4d313e92b3ceabc3e63eb914c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: http://731829-coinbase.com/stylesheet_0.css
Origin: http://731829-coinbase.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:20 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 40076
Last-Modified: Mon, 19 Feb 2024 18:23:57 GMT
Server: cloudflare
ETag: "9c8c-611c0326d7154"
X-Frame-Options: sameorigin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TALbL1wncD3h0CvNQPhY7YXOq9p9jX2qgGAhkLJmC9YdI9JKTM55HNyGOqZ83saOuBNOLa1gntURfDsNIZaSMUj0tfvv88MssaHrLJsH3vwzYu2TAuEk1k5pTux5jAPe7SSDpxayfHILKE91k19wh6bV"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Vary: Accept-Encoding
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62fcc86b90c-AMS

GET
H/1.1 200
OK 2.woff2
731829-coinbase.com/fonts/ 40 KB
40 KB 223ms
223ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/fonts/2.woff2

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/stylesheet_0.css

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5db56ddf9ab991fc7a3a5b188b6b0c92331213ec4991b71d9821c36dcbcdb687

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: http://731829-coinbase.com/stylesheet_0.css
Origin: http://731829-coinbase.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:20 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 40480
Last-Modified: Mon, 19 Feb 2024 18:23:57 GMT
Server: cloudflare
ETag: "9e20-611c03265821f"
X-Frame-Options: sameorigin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngrg%2Bxz9XH5ZdQr9Z%2FIqgvL5A4%2BqDYSkuqVAXcFbTT8isdjx6Ik12Halg34bbLYrgEe9DRbs5S4ihIc11P5%2FEWdZdDw8FmiceuWjWQtIH3s7qbmSzucMx2cJXmUNdSIre2OzgTK1%2FVy87t%2BFiJwARPCr"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Vary: Accept-Encoding
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62fcd8a6f11-CDG

GET
H/1.1 200
OK 3.woff2
731829-coinbase.com/fonts/ 39 KB
40 KB 157ms
157ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/fonts/3.woff2

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/stylesheet_0.css

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81368223143520415fe7fbdc3792d2d52ad7e422d8b214661ff932afe577b779

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: http://731829-coinbase.com/stylesheet_0.css
Origin: http://731829-coinbase.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:20 GMT
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 40016
Last-Modified: Mon, 19 Feb 2024 18:23:56 GMT
Server: cloudflare
ETag: "9c50-611c0325d640a"
X-Frame-Options: sameorigin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHD39ShQ5Liv902HhaVjLzGyLu%2BxJMZCvM8cZ%2FdUdIbJN9ZnTWzVQRk6y7dHGUG8iFI6B77vXa4n1aEVc%2F3t9%2FaUJcvIBEc%2F6wi2ymvOeXM2YrNbFiVBA9yrcL4522HO0AMZySb0kBAQ7PjXq2atMA95"}],"group":"cf-nel","max_age":604800}
Content-Type: font/woff2
Vary: Accept-Encoding
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 8598e62fcea10b7b-AMS

GET action.php
731829-coinbase.com/admin/inc/ 0
0

GET
H/1.1 200
OK action.php Show response
731829-coinbase.com/admin/inc/ 0
826 B 160ms
160ms XHR
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/admin/inc/action.php?type=ping

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/jquery.min.js

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept: */*
Referer: http://731829-coinbase.com/start.php
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Pragma: no-cache
Server: cloudflare
X-Frame-Options: sameorigin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itTD9q%2FjPEND2SOvvw%2Fxvq0c0zMgkRmgJmUIvw1jzNQo2qjyJuWq2IkHZqJ%2BV1Ohcig5nEvS0XJEfsy5XfwSee%2FLWAJRv3WWcWhs8FQQuthzDnyl9PbDQ9mrdF4NnPcBZg6xrxBFkxrGjAJ9VInPC4Be"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
CF-RAY: 8598e660cb5cb90c-AMS
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK action.php Show response
731829-coinbase.com/admin/inc/ 0
824 B 97ms
97ms XHR
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/admin/inc/action.php?type=ping

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/jquery.min.js

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept: */*
Referer: http://731829-coinbase.com/start.php
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Pragma: no-cache
Server: cloudflare
X-Frame-Options: sameorigin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O696PgI%2FLTFuv9bv2F521ALhpZ7OH1Spk55lQsRF0deEaW1WaAUA6yApcBbeU1mjglayWROx4r1bjilg42Wd8YkQA8HHWAjlPOv2QdyV1qLfTYkoBUNKSieTI5pHMWCnA1JUM%2F1lAZPp9fuZQ9ERR%2FML"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
CF-RAY: 8598e6670f4eb90c-AMS
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK action.php Show response
731829-coinbase.com/admin/inc/ 0
826 B 100ms
99ms XHR
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://731829-coinbase.com/admin/inc/action.php?type=ping

Requested by

Host: 731829-coinbase.com
URL: http://731829-coinbase.com/jquery.min.js

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Accept: */*
Referer: http://731829-coinbase.com/start.php
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Date: Thu, 22 Feb 2024 17:20:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Pragma: no-cache
Server: cloudflare
X-Frame-Options: sameorigin
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2BPo1iINyqwN8UMdmqkG5lp0Uid5OPNuEoK4QNXzNpFqec9cOtb6Ie4i2MfNNv867hFPA%2FmO%2BrQv4%2F1aFaTMbRtNjX3bYDwnzqR3in5IdE4U9l4t5WpPFyvMVjXrIko5dYg4tt6mEqWLuYVVImnrldal"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
CF-RAY: 8598e66d4925b90c-AMS
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 731829-coinbase.com
URL: http://731829-coinbase.com/admin/inc/action.php?type=ping

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery number| pinger

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			731829-coinbase.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: c2hgnurt3dd64qnktk4ks25ccv

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

731829-coinbase.com
731829-coinbase.com
2a06:98c1:3120::3
04987abfd03283248c6ff0fd3b8f45c4ed4033f876bad306786c70d89fb69d50
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
4b1890d418e801719fb6701909d07d079004b3fdc5766c67cd4c0ebd56219688
5db56ddf9ab991fc7a3a5b188b6b0c92331213ec4991b71d9821c36dcbcdb687
81368223143520415fe7fbdc3792d2d52ad7e422d8b214661ff932afe577b779
a1f75e7f702059493bb74cfcb3178d095b3f6da4d313e92b3ceabc3e63eb914c
dd14c987c18b76ad3e4b1336ee5bcbd82f18b223ae39503a3648e71d2fd44a8c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9eed01ff6d411d7f2e89b9a62c2a0239d1ecbd426e88a2b3e5b82baf179cf8b

731829-coinbase.com Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

163 kBTransfer

226 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

731829-coinbase.com Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

163 kB
Transfer

226 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!