Submitted URL: http://trxbase-366.nl/
Effective URL: https://trxbase-366.nl/
Submission: On February 05 via api from US — Scanned from NL

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 162.0.217.115, located in Amsterdam, Netherlands and belongs to NAMECHEAP-NET, US. The main domain is trxbase-366.nl.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 31st 2024. Valid for: a year.
This is the only time trxbase-366.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

IP Address, AS (Autonomous System):
  • 162.0.217.115, 22612 (NAMECHEAP...): 6 requests, 1 redirect
  • 2606:4700::68..., 13335 (CLOUDFLAR...): 3 requests
  • 2600:9000:25a..., 16509 (AMAZON-02): 1 request
  Total: 9 requests, 3 IPs

Apex Domain, Subdomains, Transfer:
  • trxbase-366.nl (6 requests): trxbase-366.nl, 85 KB
  • cloudflare.com (3 requests): cdnjs.cloudflare.com (Cisco Umbrella Rank: 225), 198 KB
  • ctfassets.net (1 request): images.ctfassets.net (Cisco Umbrella Rank: 3705), 2 KB
  Total: 9 requests, 3 domains

Domain, Requested by:
  • trxbase-366.nl (6 requests, 1 redirect): requested by trxbase-366.nl
  • cdnjs.cloudflare.com (3 requests): requested by trxbase-366.nl and cdnjs.cloudflare.com
  • images.ctfassets.net (1 request): requested by trxbase-366.nl
  Total: 9 requests, 3 domains

This site contains no links.

Certificates (Subject, Issuer, Validity, Valid):
  • trxbase-366.nl: issued by Sectigo RSA Domain Validation Secure Server CA, validity 2024-01-31 - 2025-01-31 (a year)
  • sni.cloudflaressl.com: issued by Cloudflare Inc ECC CA-3, validity 2023-07-03 - 2024-07-02 (a year)
  • images.ctfassets.net: issued by Amazon RSA 2048 M02, validity 2023-12-19 - 2025-01-16 (a year)

This page contains 1 frame:

Primary Page: https://trxbase-366.nl/
Frame ID: 699D41B7D7AE333335947408D42E9C72
Requests: 9 HTTP requests in this frame

Page Title

Coinbase Link

Page URL History

  1. http://trxbase-366.nl/ HTTP 301
    https://trxbase-366.nl/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+(?:https?:)?//(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

  • Requests: 9
  • HTTPS: 100 %
  • IPv6: 67 %
  • Domains: 3
  • Subdomains: 3
  • IPs: 3
  • Countries: 2
  • Transfer: 285 kB
  • Size: 372 kB
  • Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: Primary Request /
Path: trxbase-366.nl/
Redirect Chain:
  • http://trxbase-366.nl/
  • https://trxbase-366.nl/
Size: 2 KB
x-fer: 1 KB
Type: Document

General
  Full URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 162.0.217.115 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US)
  Reverse DNS: server317-5.web-hosting.com
  Software: LiteSpeed /
  Resource Hash: dba5bcaf02aa577d430b738ac478f8a513b7327736e24f303e22b4d22fa40f55

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
  accept-language: nl-NL,nl;q=0.9

Response headers
  accept-ranges: bytes
  content-encoding: br
  content-length: 936
  content-type: text/html
  date: Mon, 05 Feb 2024 09:10:48 GMT
  last-modified: Mon, 05 Feb 2024 09:07:56 GMT
  server: LiteSpeed
  vary: Accept-Encoding
  x-turbo-charged-by: LiteSpeed

Redirect headers
  content-length: 707
  content-type: text/html
  date: Mon, 05 Feb 2024 09:10:48 GMT
  keep-alive: timeout=5, max=100
  location: https://trxbase-366.nl/
  server: LiteSpeed
  x-turbo-charged-by: LiteSpeed

Resource: index.css
Path: trxbase-366.nl/css/
Size: 4 KB
x-fer: 1 KB
Type: Stylesheet

General
  Full URL: https://trxbase-366.nl/css/index.css
  Requested by: Host: trxbase-366.nl, URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 162.0.217.115 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US)
  Reverse DNS: server317-5.web-hosting.com
  Software: LiteSpeed /
  Resource Hash: 2a15148e2c43901cd66954e5d2534f80d7c6930a26271e22f3cd387876a0e587

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: https://trxbase-366.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  content-encoding: br
  last-modified: Fri, 02 Feb 2024 21:07:50 GMT
  server: LiteSpeed
  vary: Accept-Encoding
  content-type: text/css
  cache-control: public, max-age=604800
  x-turbo-charged-by: LiteSpeed
  accept-ranges: bytes
  content-length: 999
  expires: Mon, 12 Feb 2024 09:10:48 GMT

Resource: all.min.css
Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/
Size: 100 KB
x-fer: 19 KB
Type: Stylesheet

General
  Full URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
  Requested by: Host: trxbase-366.nl, URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: c22cfb6520a7fdbb738632834019acf47c78b1279462c0eb4cb83bae83ecb5a7

Security Headers
  Strict-Transport-Security: max-age=15780000
  X-Content-Type-Options: nosniff

Request headers
  Referer:
  Origin: https://trxbase-366.nl
  accept-language: nl-NL,nl;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  content-encoding: br
  x-content-type-options: nosniff
  cf-cache-status: HIT
  nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
  strict-transport-security: max-age=15780000
  age: 5720306
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=86400
  content-length: 18861
  last-modified: Fri, 01 Dec 2023 00:32:25 GMT
  server: cloudflare
  cf-cdnjs-via: cfworker/kv
  etag: "65692999-49ad"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tyM9ELH6Dq9KSTtTN8WZmfvTMBP8AlzrgO5gIwpGwS%2BxM7bJj8IiRQKvF1vRIPmhB4PJKIaZHIKRwu0C9mSDBdRQiWW%2BifH8KcvlMls7cLDWFd3uG88%2BpKXNtzfOdur0jQKpssIxDwQWmaMesbjPAom"}],"group":"cf-nel","max_age":604800}
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  cache-control: public, max-age=30672000
  accept-ranges: bytes
  timing-allow-origin: *
  cf-ray: 850a05b7ba8a1c9f-FRA
  expires: Sat, 25 Jan 2025 09:10:48 GMT

Resource: Consumer_Wordmark.svg
Path: images.ctfassets.net/q5ulk4bp65r7/3TBS4oVkD1ghowTqVQJlqj/2dfd4ea3b623a7c0d8deb2ff445dee9e/
Size: 4 KB
x-fer: 2 KB
Type: Image

General
  Full URL: https://images.ctfassets.net/q5ulk4bp65r7/3TBS4oVkD1ghowTqVQJlqj/2dfd4ea3b623a7c0d8deb2ff445dee9e/Consumer_Wordmark.svg
  Requested by: Host: trxbase-366.nl, URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2600:9000:25a2:b000:12:94b3:c380:93a1, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS:
  Software: Contentful Images API /
  Resource Hash: 126270d27d1ac1a29b8d7d01238377840fe79b70212bd230adc6b2d9da82bf38

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: https://trxbase-366.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 03:49:26 GMT
  content-encoding: gzip
  via: 1.1 f6d3d027dc70c7291c2f685efb187ab2.cloudfront.net (CloudFront)
  last-modified: Fri, 26 Mar 2021 14:21:17 GMT
  server: Contentful Images API
  x-amz-cf-pop: ZRH55-P1
  age: 19438
  etag: W/"78b2915b21e673b15957e22970b36c40"
  vary: Accept-Encoding
  x-cache: Hit from cloudfront
  content-type: image/svg+xml
  access-control-allow-origin: *
  cache-control: max-age=31536000
  x-amz-cf-id: qovm0te9TBJLw9EOrtVX6bkmxTV4DnPRct4GtBc-yMo4Ay-pwyFGNA==

Resource: Coionbase-ING.png
Path: trxbase-366.nl/assets/
Size: 77 KB
x-fer: 77 KB
Type: Image

General
  Full URL: https://trxbase-366.nl/assets/Coionbase-ING.png
  Requested by: Host: trxbase-366.nl, URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 162.0.217.115 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US)
  Reverse DNS: server317-5.web-hosting.com
  Software: LiteSpeed /
  Resource Hash: 479fa48f886eddc6c18f24cbe55a4caf54a2b18828b66cd75e1630fee7e2a664

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: https://trxbase-366.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  last-modified: Fri, 02 Feb 2024 21:05:40 GMT
  server: LiteSpeed
  content-type: image/png
  cache-control: public, max-age=604800
  x-turbo-charged-by: LiteSpeed
  accept-ranges: bytes
  content-length: 78622
  expires: Mon, 12 Feb 2024 09:10:48 GMT

Resource: Capture.PNG
Path: trxbase-366.nl/assets/
Size: 5 KB
x-fer: 5 KB
Type: Image

General
  Full URL: https://trxbase-366.nl/assets/Capture.PNG
  Requested by: Host: trxbase-366.nl, URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 162.0.217.115 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US)
  Reverse DNS: server317-5.web-hosting.com
  Software: LiteSpeed /
  Resource Hash: 7fcec78860cc2234fd3980e505bf4e98d31a03832cc12ed3542dd95337a0df06

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: https://trxbase-366.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  last-modified: Tue, 30 Jan 2024 02:28:08 GMT
  server: LiteSpeed
  content-type: image/png
  cache-control: public, max-age=604800
  x-turbo-charged-by: LiteSpeed
  accept-ranges: bytes
  content-length: 4639
  expires: Mon, 12 Feb 2024 09:10:48 GMT

Resource: index.js
Path: trxbase-366.nl/js/
Size: 3 KB
x-fer: 1016 B
Type: Script

General
  Full URL: https://trxbase-366.nl/js/index.js
  Requested by: Host: trxbase-366.nl, URL: https://trxbase-366.nl/
  Protocol: H2
  Security: TLS 1.3, , AES_256_GCM
  Server: 162.0.217.115 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US)
  Reverse DNS: server317-5.web-hosting.com
  Software: LiteSpeed /
  Resource Hash: 177d2ebd323f112510e2500e9de22142894e7b28cb1b2d5c538f9ef0786493b2

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: https://trxbase-366.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  content-encoding: br
  last-modified: Mon, 05 Feb 2024 17:05:40 GMT
  server: LiteSpeed
  vary: Accept-Encoding
  content-type: application/javascript
  cache-control: public, max-age=604800
  x-turbo-charged-by: LiteSpeed
  accept-ranges: bytes
  content-length: 782
  expires: Mon, 12 Feb 2024 09:10:48 GMT

Resource: fa-solid-900.woff2
Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/
Size: 153 KB
x-fer: 153 KB
Type: Font

General
  Full URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-solid-900.woff2
  Requested by: Host: cdnjs.cloudflare.com, URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 9fc85f3a4544ab0d570c7f8f9bbb88db8d92c359b2707580ea8b07c75673eae2

Security Headers
  Strict-Transport-Security: max-age=15780000
  X-Content-Type-Options: nosniff

Request headers
  Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
  Origin: https://trxbase-366.nl
  accept-language: nl-NL,nl;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  strict-transport-security: max-age=15780000
  x-content-type-options: nosniff
  cf-cache-status: HIT
  nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
  age: 5711482
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=86400
  content-length: 156496
  last-modified: Fri, 01 Dec 2023 00:32:25 GMT
  server: cloudflare
  cf-cdnjs-via: cfworker/kv
  etag: "65692999-26350"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALpF32sHuli%2FFOb%2FtYzBSjXdsR3wBys0AH8TngbOfzHr06v8MCvPADeCpFki8Uzg2bmCWB%2FQdubJzNn0weX3%2FfUXDbMVUBCEMqssN0%2B8HHOlhy8iZrKx8SNigrOaBaP98ncsvbLrUDJNhaS1la1wBl1z"}],"group":"cf-nel","max_age":604800}
  content-type: application/octet-stream; charset=utf-8
  access-control-allow-origin: *
  cache-control: public, max-age=30672000
  accept-ranges: bytes
  timing-allow-origin: *
  cf-ray: 850a05b80ac61c9f-FRA
  expires: Sat, 25 Jan 2025 09:10:48 GMT

Resource: fa-regular-400.woff2
Path: cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/
Size: 25 KB
x-fer: 25 KB
Type: Font

General
  Full URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/webfonts/fa-regular-400.woff2
  Requested by: Host: cdnjs.cloudflare.com, URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
  Protocol: H2
  Security: TLS 1.3, , AES_128_GCM
  Server: 2606:4700::6811:190e, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software: cloudflare /
  Resource Hash: 2bccecf0bc7e96cd5ce4003abeb3ae9ee4a3d19158c4e6edfd2df32d2f0d5721

Security Headers
  Strict-Transport-Security: max-age=15780000
  X-Content-Type-Options: nosniff

Request headers
  Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
  Origin: https://trxbase-366.nl
  accept-language: nl-NL,nl;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
  date: Mon, 05 Feb 2024 09:10:48 GMT
  strict-transport-security: max-age=15780000
  x-content-type-options: nosniff
  cf-cache-status: HIT
  nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
  age: 3302264
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=86400
  content-length: 25452
  last-modified: Fri, 01 Dec 2023 00:32:25 GMT
  server: cloudflare
  cf-cdnjs-via: cfworker/kv
  etag: "65692999-636c"
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=37TByLcljjBa3n7f5GngMxPC1y7BgB%2BnYLKD5vJO19s6%2F64pxIMxEaW6HQj4Q0TrwX0SgXgZTv%2FxM3ou5KKhicfPow4WgqWjeP9IlHJsQJRJvhVbNMQjRfLUr1AV8qXDW42uZP0L1TESEkUBm9KHybbm"}],"group":"cf-nel","max_age":604800}
  content-type: application/octet-stream; charset=utf-8
  access-control-allow-origin: *
  cache-control: public, max-age=30672000
  accept-ranges: bytes
  timing-allow-origin: *
  cf-ray: 850a05b80ac91c9f-FRA
  expires: Sat, 25 Jan 2025 09:10:48 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies