poloniex.com.ci Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://poloenix.com/
Effective URL:
https://poloniex.com.ci/login.html
Submission: On June 29 via api (June 29th 2024, 8:21:59 am UTC) from BE — Scanned from DE

Summary HTTP 14 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is poloniex.com.ci.
TLS certificate: Issued by GTS CA 1P5 on May 19th 2024. Valid for: 3 months.

This is the only time poloniex.com.ci was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Poloniex (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.204.82 172.67.204.82	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:235... 2600:9000:235a:be00:1b:ef38:3680:21	16509 (AMAZON-02) (AMAZON-02)
14	4

1 172.67.204.82 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

poloenix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

poloniex.com.ci	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

poloniex.com.ci	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:235a:be00:1b:ef38:3680:21 (United States)

ASN16509 (AMAZON-02, US)

d21y75miwcfqoq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	poloniex.com.ci poloniex.com.ci	317 KB
1	cloudfront.net d21y75miwcfqoq.cloudfront.net	456 B
1	poloenix.com 1 redirects poloenix.com	491 B
14	3

	Domain	Requested by
13	poloniex.com.ci	poloniex.com.ci
1	d21y75miwcfqoq.cloudfront.net	poloniex.com.ci
1	poloenix.com	1 redirects
14	3

This site contains links to these domains. Also see Links.

Domain
cookie-consent.app.forthe.top
sunswap.com
apenft.io

Subject Issuer	Validity	Valid
poloniex.com.ci GTS CA 1P5	`2024-05-19` - `2024-08-17`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://poloniex.com.ci/login.html
Frame ID: A540E66E6ED30A20DAD5CB9FED19905A
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Poloniex - Crypto Asset Exchange - Log In

Page URL History Show full URLs

https://poloenix.com/ HTTP 301
https://poloniex.com.ci/login.html Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

317 kB
Transfer

708 kB
Size

0
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://cookie-consent.app.forthe.top/why-websites-use-cookies/
Title: Learn More

Search URL Search Domain Scan URL

URL: https://sunswap.com/
Title: SunS

Search URL Search Domain Scan URL

URL: https://apenft.io/
Title: NFT

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://poloenix.com/ HTTP 301
https://poloniex.com.ci/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.html Show response poloniex.com.ci/ Redirect Chain https://poloenix.com/ https://poloniex.com.ci/login.html	172 KB 26 KB	596ms 146ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5e102d146e00ac6eeffa30442597f19b125dec7237bd8cbd91c243203be8673d` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 89b481743d3190fe-FRA content-encoding br content-type text/html date Sat, 29 Jun 2024 08:21:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mFzlOJdFTa6iniDE7p%2Fzqoi%2FLKOTxL4jICDnNVz7iBlhWxEj5zy%2F47YhW20bvpnpD9cde%2BWTsEGAu6qjxiqMxtZ8Dr82Bq%2F4Y2tBU5B87s3vHMVWNpyQOvXD57HkoxN8zUzYb8wi1HuRWyrLWMA%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers alt-svc h3=":443"; ma=86400 cache-control max-age=3600 cf-ray 89b481711a945d6f-FRA content-length 167 content-type text/html date Sat, 29 Jun 2024 08:21:53 GMT expires Sat, 29 Jun 2024 09:21:53 GMT location https://poloniex.com.ci/login.html nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8JMOPgGHECkUjbEQJDTMnu%2Ff7aOlkEheYA2NDaufFdgwPkxQlcm5blcswDNyu6WQ8dd9YaDjHvudMKsOPp7h9Fe%2F%2Bqjsi%2FNtLiQ6DdavGvFarxlUqR89gKyHbjR8Rew%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	IWLlTq24PX5LMozRezYgvq_TtQg.js Show response poloniex.com.ci/cdn-cgi/apps/head/	5 KB 2 KB	53ms 51ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/cdn-cgi/apps/head/IWLlTq24PX5LMozRezYgvq_TtQg.js Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `aa0e8da933141142f57f6b2e7ff3dc5c29049204a8a04604e0c035afc1b0a748` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT content-encoding gzip x-amz-version-id joIste6FPXLoVJN.0rvrf.MGjv6UIutq nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status HIT x-amz-request-id 68M2RP9BY688GQAD age 1003750 alt-svc h3=":443"; ma=86400 content-length 1882 x-amz-id-2 NgMJDCD2LJDr+trdbFIatO5MHa1B4M13Vx8lk/2CtYJmRnLHiNFEIwPADWjFe2U1OPe+G2UnPqM= last-modified Sat, 09 Sep 2023 16:53:54 GMT server cloudflare etag "644c0092a31b4925d6706a09b8fe68b6" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YdaJNFOi%2FV3Su6turIRwx8hiHNdtRX1G7nHX2eHg98Vg3RampHAeNYBl%2FJi1HMtMi8qQ2sPZJlOAt5HLBnLVXXK8zLzLQzyvcxguynVOqRqFa%2BO2f3FP3F2LJpWqW934oiVlLYAaQQSeMg0Qkg8%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89b481753e2890fe-FRA
GET H2	200	font-awesome.min.css poloniex.com.ci/css/	30 KB 7 KB	200ms 199ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/font-awesome.min.css Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `68d4a759022635c8d1e96bf1cda36eb8559c7b2c6de3cb6d3f2f1104364aa7a1` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:38:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66751fe8-7943" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mO24XJP%2FVQWpVgrZ1S6s4uw0gd4ZINO1VTx5QB4D9mZkwJIYh5AfUWlNYUpqaCm3gIPVX%2BnFdTzo5EajMzH9c7rjW%2FYnEqMIHKRLYBsUOGPsPDXAP1vbH6Xzk29L%2FahcUFVjYY631lQEBLRs6TA%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 89b481753e2390fe-FRA alt-svc h3=":443"; ma=86400
GET H2	200	font-proxima.css poloniex.com.ci/css/	7 KB 1011 B	183ms 182ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/font-proxima.css Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `70d7aca7ecb837130c86e14abe13d4e68ba59cc18c43c955153e5dc489ba3f47` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:38:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66751fe8-1dae" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q3quvlgilxu8bnQGCxG7zIvAqui%2F%2FyZXGCb%2Foo7uP5rFs1PWMhQCcZekSfcQPtJag%2BzOObRoxABmx2kIeBAH4B9ndtRVS5btaw99hm9HLcmo5qEwmvQI0b8jXFivAky0TG8D6VlVHR%2FbCcB4hEI%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 89b481753e2590fe-FRA alt-svc h3=":443"; ma=86400
GET H2	200	style-ls.css poloniex.com.ci/css/	188 KB 31 KB	281ms 280ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/style-ls.css Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d88d4958b9ccaf251170ea8431520af6e9ea0ed4383152ea3d805709d47325be` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:38:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66751fea-2ef4a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UcAnmZtqcL1tM%2Bu2xtNGu%2B%2BvsxeUYu6XvKj7gU5R3eRN6CUmzmAa6tw6r0D19qb1m48dlg1dUt%2BljqLYybBtF0GRpCeSZQZbr0iJQkDe9eJphMAfNdKUx5Z6nYbAt2jQ2rG39DJiA2U4lIrctnw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 89b481753e2790fe-FRA alt-svc h3=":443"; ma=86400
GET H2	200	jquery-2.1.3.min.js Show response poloniex.com.ci/js/	82 KB 30 KB	235ms 234ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/js/jquery-2.1.3.min.js Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8c02b2938c7c5f8553e55bc6376e0a2d43356568590eda5c88c7339bdc6f9f60` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT content-encoding br cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:39:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"6675201f-147eb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSTXIkZkc1FAnsUZMYI%2FUulmRlhIVDjj51WC3grPHFWusvd5ve2JF5Xm9EsLovgv5Ucwo%2F1zfcl%2B6MlbIVuHlTXHx3xfTDy1S3w4PVenYNm2VRx5wZ3jEXXp9WL%2Bzq6yQJWArgaoYzYtvuIgkPw%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 89b481753e2990fe-FRA alt-svc h3=":443"; ma=86400
GET H3	200	VpRU-iPR6RgYVKT3G412UsfSPP8.js Show response poloniex.com.ci/cdn-cgi/apps/body/	9 KB 3 KB	77ms 77ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/cdn-cgi/apps/body/VpRU-iPR6RgYVKT3G412UsfSPP8.js Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/cdn-cgi/apps/head/IWLlTq24PX5LMozRezYgvq_TtQg.js Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `070e1a3df3f626e15fe93822fba5bd4389705838f9c1045b618ff4743fd7c7a0` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT content-encoding gzip x-amz-version-id yszquwFnkacX1o06iFhZtV5fouZSrJ_a nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-cache-status HIT x-amz-request-id A51N4CZP2VCA38KM age 286772 alt-svc h3=":443"; ma=86400 content-length 2905 x-amz-id-2 aHr4Ze/HvofVqJtZZXXNTZ2UjEK1OA4aHfaqcs19IuMSFEy45M4rHcZ1xtvf3R8rdiksMgoymKQ= last-modified Sat, 09 Sep 2023 16:53:53 GMT server cloudflare etag "bcf7e39f7730cd2e26db65b43189ade3" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tJrdITzNlWpCjlCEnIXfdlWY%2FdF0yiS4ukqpr7egIyvDZ8HHCGvi7VI6JdhKLAy2ZlD3k230i6Cdlh9%2F47hOMfineh7U1bg7s6HJYlpwuYE7GDqFc%2BsGm58iTHaWjourc3Y%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cache-control public, max-age=31536000 accept-ranges bytes cf-ray 89b4817709569174-FRA
GET H2	200	5d308ddf d21y75miwcfqoq.cloudfront.net/	68 B 456 B	761ms 629ms	Image image/png	2600:9000:235a:be00:1b:ef38:3680:21 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://d21y75miwcfqoq.cloudfront.net/5d308ddf Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/login.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:be00:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash `63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:55 GMT x-amz-version-id null via 1.1 840e16b680c94fee8c48b15e01dda782.cloudfront.net (CloudFront) last-modified Thu, 19 Nov 2020 18:37:03 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 etag "91e42db1c66c0b276abf6234dc50b2eb" x-amz-server-side-encryption AES256 x-cache Miss from cloudfront content-type image/png cache-control no-cache, no-store accept-ranges bytes content-length 68 x-amz-cf-id cp2YhmmuFzTeGaH30lYnd3B2RKuuqTGIu70r3m6TQNjN4O3fwUGQJQ==
GET H3	200	proxima-nova-medium.woff2 poloniex.com.ci/css/fonts/ProximaNova/	21 KB 22 KB	220ms 219ms	Font application/octet-stream	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/fonts/ProximaNova/proxima-nova-medium.woff2 Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/css/font-proxima.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c80867a3e00e9a8d9232195c59408284ec1f984798ff711bb76b95eb7bf08dbb` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/css/font-proxima.css Origin https://poloniex.com.ci Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:39:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66752006-55cc" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p0Nj9jJdLAwKJ94K6%2F6Ahvc2Vpldfd7TH6lD%2FoU9J0bmdjFaCxh2m8Lo8b0ym3cS9c1NOlCo07jDNibeeHfUsMboO%2FVCtjAiR7iIjQwB1AxYZrHKF3D0SQRtNsXouZ%2FhmUM%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 89b48177a9fb9174-FRA alt-svc h3=":443"; ma=86400 content-length 21964
GET H3	200	fontawesome-webfont.woff2 poloniex.com.ci/css/fonts/fontawesome/	75 KB 76 KB	261ms 259ms	Font application/octet-stream	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/fonts/fontawesome/fontawesome-webfont.woff2 Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/css/font-awesome.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/css/font-awesome.min.css Origin https://poloniex.com.ci Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:38:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66751ff1-12d68" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1vZWH1DxGz%2Fra5WrLpRjw%2Fq%2B3%2FYkzvZsWqMOG3a8lZis%2Fj0c1IHERfqPnioXFBCn9qG9flnGqs9hulWfeqie5%2F9hm%2FJHlJ9uWWkoZ0SyDekPi53tBWAcctwZE9%2FIx%2BWCyE%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 89b48177a9fd9174-FRA alt-svc h3=":443"; ma=86400 content-length 77160
GET H3	200	proxima-nova-semibold.woff2 poloniex.com.ci/css/fonts/ProximaNova/	38 KB 39 KB	220ms 219ms	Font application/octet-stream	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/fonts/ProximaNova/proxima-nova-semibold.woff2 Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/css/font-proxima.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9f982e254a4bf3eb7973170c9d1212c69fc52f8a53e460caa3f70944820ad33d` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/css/font-proxima.css Origin https://poloniex.com.ci Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:39:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "6675200a-9824" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CfXTegEtXgx%2Fmt0zsvzWGXeM0BvGadxuCZCECXW7IDzGwSkd8fOthDB3ogMqNmeCMEZTEBOcM%2B%2FtJICH3Y5%2BjuMHMMOA0YckZCLBUWMTLqKytaB78PoqmeCW6nA1OogAHGY%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 89b48177aa009174-FRA alt-svc h3=":443"; ma=86400 content-length 38948
GET H3	200	proxima-nova-regular.woff2 poloniex.com.ci/css/fonts/ProximaNova/	39 KB 39 KB	178ms 177ms	Font application/octet-stream	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/fonts/ProximaNova/proxima-nova-regular.woff2 Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/css/font-proxima.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a8ca63bf7e73b105859b4255a8f911c242f85736c8f5eb377213d28ae89f476e` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/css/font-proxima.css Origin https://poloniex.com.ci Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:39:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66752007-9b2c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rhr6MvK4O6Pm6oDAKAtKfOdIxGbiNEqpHNUxY%2FhxDMyk%2FwyuexreBmVP9%2FomFYmRQLq2WQ96ItHWYr0okL5v3zKM1n37eyzvxSj0yqJ%2BLowz9GtZOxVjmQsiDTC4uwgYiUM%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 89b48177aa029174-FRA alt-svc h3=":443"; ma=86400 content-length 39724
GET H3	200	proxima-nova-bold.woff2 poloniex.com.ci/css/fonts/ProximaNova/	39 KB 39 KB	340ms 339ms	Font application/octet-stream	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/css/fonts/ProximaNova/proxima-nova-bold.woff2 Requested by Host: poloniex.com.ci URL: https://poloniex.com.ci/css/font-proxima.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0317d04b30d7259cd54e9482edf3d9c9eee31b0922c3274fefb41d0f3598816f` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/css/font-proxima.css Origin https://poloniex.com.ci Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:54 GMT cf-cache-status MISS last-modified Fri, 21 Jun 2024 06:38:46 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66751ff6-9a00" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XyVs3eEU9EsQcW1OK6GYfHTj0A%2F1%2BEva0X3ThHupH1VmKc1HwHZRlqGO%2FqePiU0B%2F9XnTs%2FlXUF7XJmssew1DiIQXHjvh8y%2FEnHB86KwrWCuoEz4xyAIgx9501ATlPL%2Bedk%3D"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=14400 accept-ranges bytes cf-ray 89b48177aa049174-FRA alt-svc h3=":443"; ma=86400 content-length 39424
GET DATA	200 OK	truncated /	1 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c5acd99a0dfbf4d9f44f2feaeedeaf19ade7afdc90389401c089e52c3fe6da44` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type text/css;charset=utf-8
GET H3	200	polo-icon-32x32.png@v=20200417 poloniex.com.ci/images/icons/favicons/	701 B 1 KB	168ms 167ms	Other image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://poloniex.com.ci/images/icons/favicons/polo-icon-32x32.png@v=20200417 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `51ed6801e6898f007b27f5226f918be58041a6324bd1b014850ab422f8427781` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://poloniex.com.ci/login.html Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 29 Jun 2024 08:21:55 GMT cf-cache-status DYNAMIC last-modified Fri, 21 Jun 2024 06:39:23 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "2bd-61b60b1248e7e" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caCp3Px9w%2B%2BSHav%2Ba9HLFr2M%2BSAEziqSC3aGuJMf05Dn9sZKrohbyE1cy3IGpmsJKcA4G%2FE3oLnzR%2FDS5GqHHOv0Hi0DWH9iiIBq3B8%2FrpgIcxt6JIV2uWLRuIWKeDXl5Lo%3D"}],"group":"cf-nel","max_age":604800} content-type image/png accept-ranges bytes cf-ray 89b4817acdaf9174-FRA alt-svc h3=":443"; ma=86400 content-length 701

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Poloniex (Crypto Exchange)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

d21y75miwcfqoq.cloudfront.net
poloenix.com
poloniex.com.ci
172.67.204.82
188.114.96.3
2600:9000:235a:be00:1b:ef38:3680:21
2a06:98c1:3121::3
0317d04b30d7259cd54e9482edf3d9c9eee31b0922c3274fefb41d0f3598816f
070e1a3df3f626e15fe93822fba5bd4389705838f9c1045b618ff4743fd7c7a0
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
51ed6801e6898f007b27f5226f918be58041a6324bd1b014850ab422f8427781
5e102d146e00ac6eeffa30442597f19b125dec7237bd8cbd91c243203be8673d
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
68d4a759022635c8d1e96bf1cda36eb8559c7b2c6de3cb6d3f2f1104364aa7a1
70d7aca7ecb837130c86e14abe13d4e68ba59cc18c43c955153e5dc489ba3f47
8c02b2938c7c5f8553e55bc6376e0a2d43356568590eda5c88c7339bdc6f9f60
9f982e254a4bf3eb7973170c9d1212c69fc52f8a53e460caa3f70944820ad33d
a8ca63bf7e73b105859b4255a8f911c242f85736c8f5eb377213d28ae89f476e
aa0e8da933141142f57f6b2e7ff3dc5c29049204a8a04604e0c035afc1b0a748
c5acd99a0dfbf4d9f44f2feaeedeaf19ade7afdc90389401c089e52c3fe6da44
c80867a3e00e9a8d9232195c59408284ec1f984798ff711bb76b95eb7bf08dbb
d88d4958b9ccaf251170ea8431520af6e9ea0ed4383152ea3d805709d47325be

poloniex.com.ci Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

317 kBTransfer

708 kBSize

0 Cookies

3 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

poloniex.com.ci Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

317 kB
Transfer

708 kB
Size

0
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!