urlscan.io logo urlscan.io
SecurityTrails logo

coinstrange.net Open in urlscan Pro
104.21.50.17  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://coinstrange.net/CFr4Fv
Submission: On April 29 via manual from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 104.21.50.17, located in and belongs to CLOUDFLARENET, US. The main domain is coinstrange.net.
TLS certificate: Issued by GTS CA 1P5 on March 14th 2024. Valid for: 3 months.
This is the only time coinstrange.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
11 104.21.50.17 13335 (CLOUDFLAR...)
1 157.240.252.13 32934 (FACEBOOK)
1 188.114.97.3 13335 (CLOUDFLAR...)
13 3
Apex Domain
Subdomains		 Transfer
11 coinstrange.net
coinstrange.net
268 KB
1 userstatics.com
userstatics.com — Cisco Umbrella Rank: 92039
632 B
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
59 KB
13 3
Domain Requested by
11 coinstrange.net coinstrange.net
1 userstatics.com coinstrange.net
1 connect.facebook.net coinstrange.net
13 3

This site contains links to these domains. Also see Links.

Domain
telegram.org
Subject Issuer Validity Valid
coinstrange.net
GTS CA 1P5		 2024-03-14 -
2024-06-12		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-02-06 -
2024-05-06		 3 months crt.sh
userstatics.com
E1		 2024-03-28 -
2024-06-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://coinstrange.net/CFr4Fv
Frame ID: 8D2DEAD1DD290D07273863D38A57A880
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Telegram: Join Money Chat

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

328 kB
Transfer

786 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request CFr4Fv
coinstrange.net/ 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/CFr4Fv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
992e7e5b1b0f681f55cf2baad342b9abdd4091f3c82be18d8278dcfb881d1200

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87bdd1fb1a90baac-MXP
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 29 Apr 2024 08:11:15 GMT
expires
Mon, 29 Apr 2024 08:11:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FIQmUd7CeLHZj0akgQBVavbmSmbfsreCAdRAxV96RxyDfkHQ1VS3O%2FABu4b1JaWzUVZ8CmdwhLBJWv%2FSsoszKYyPO6FBj%2BRNW9zrmhsdB6LvuzxkrC%2B8oI%2BuxyUkjmzf63w%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/7.4.33
font-roboto.css
coinstrange.net/lander/p2p_1714341028/css/ 		6 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/CFr4Fv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dc681d034591a7547af531a6c9d5a757a37179f9d9796db25a990a510e51182

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/CFr4Fv
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662ec4de-1783"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ev5mlnLB7WsPZq0aXa6AbFBAYyVfncfUkz8Xz484VaOqBn%2BRm882mErN%2BD326lPUSgMt0WVz6nvML%2F4%2BlMaNon3VvGQO0SSWEZWaR1DFRDOiMriGUXnSAkrGHDGg6M5KNJM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=864000
cf-ray
87bdd1fc2c60baac-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 May 2024 08:11:15 GMT
bootstrap.min.css
coinstrange.net/lander/p2p_1714341028/css/ 		42 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/css/bootstrap.min.css
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/CFr4Fv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/CFr4Fv
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662ec4de-a61b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kk3HhhK1Z3w1eEzxfK8pb4JZE0SiM7naUWDAr%2FZFXCHg1Q6ZX08DQFA4r6vpzqA%2FTFSMg3m5C0zV4LNpyrZepzERyv6N%2FHOfGCVZrJe4GiSTNiTq1EiYH6Kn4f2xyZW1fVw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=864000
cf-ray
87bdd1fc2c63baac-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 May 2024 08:11:15 GMT
telegram.css
coinstrange.net/lander/p2p_1714341028/css/ 		112 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/css/telegram.css
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/CFr4Fv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fc76b0e06541cf913e3ff3b436e4d0cebb498c520bec3adbe4343ff39cb11f2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/CFr4Fv
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662ec4de-1c135"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YzYPUCyZdWZwn2vuz2KTzIwHIh60WA7FWir20FQohtvTN7bs61NTnAW4AgEaXsoTcLjj9Y2jgtvI56kDecsdqfnUSWRA74q3100E7%2FZWbqzIJcBWJKLdrTMLK9xwMxrNw1Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=864000
cf-ray
87bdd1fc2c65baac-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 May 2024 08:11:15 GMT
U73ljEvhpmVdan-e6UVDwENmKHSzIjHV3VtoPPyJqEsOvFYAL0atNo2Z-56xNB3DpYrXplSb9gBiherSh3J1Ld2RhmXQ8_JiNQwsV7zWdqMdcV_uPrqStWqBpXkoM-CH.jpg
coinstrange.net/lander/p2p_1714341028/images/ 		126 KB
126 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://coinstrange.net/lander/p2p_1714341028/images/U73ljEvhpmVdan-e6UVDwENmKHSzIjHV3VtoPPyJqEsOvFYAL0atNo2Z-56xNB3DpYrXplSb9gBiherSh3J1Ld2RhmXQ8_JiNQwsV7zWdqMdcV_uPrqStWqBpXkoM-CH.jpg
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/CFr4Fv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d061b629340aa4842f400a12105de4e2f1246fd8be4f2b18acc8a84de5962b0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/CFr4Fv
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
128951
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
server
cloudflare
etag
"662ec4de-1f7b7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FsIy%2FTLmQ298zjCm6lcT3udisp%2Fjba0CItHD1pTKbIeMM4lMsxkmA2UtN8YR2%2Ft9RzvOhpirNZqilAj3Mnn63yN4WdJ0me5WcL%2FnQtKNlGD4rmK52Ph%2F0a6YoRczwfCji8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=864000
accept-ranges
bytes
cf-ray
87bdd1fc2c68baac-MXP
expires
Thu, 09 May 2024 08:11:15 GMT
tgwallpaper.min.js
coinstrange.net/lander/p2p_1714341028/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/js/tgwallpaper.min.js
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/CFr4Fv
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d724dbc182d52d1b7b367fcf6fa14a9ffac4a63c1de1d52648cf123f6c50593

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/CFr4Fv
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662ec4de-d3a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXYtP4qHPemN1RDsUVnpwG3TygPyl9YeGY%2B49qtmeNL0AsvmbeKGzsa9BUjnisnSnUpAUkfaCe9mfaH9mmnHGzK10DW1BWBsPEOjm0H0Gz00DjmOs2ubjyV2s2LCA9PZ3iM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=864000
cf-ray
87bdd1fc2c69baac-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 May 2024 08:11:15 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/CFr4Fv
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 29 Apr 2024 08:11:15 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=9, rtx=0, c=12, mss=1380, tbw=2773, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
WXJUNAECpUN6jc7JDBWjrEBMkQT8pgeO94MykADCPdOH0Y56dhFvqqimH7L7nSbmmieGZPcc2S9fH7RGUr53fA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pattern.svg
coinstrange.net/lander/p2p_1714341028/images/ 		226 KB
69 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://coinstrange.net/lander/p2p_1714341028/images/pattern.svg
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/lander/p2p_1714341028/css/telegram.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
118add53487c02aaf5b5ab9f69380fa06717deb10492e14aaa487e3c62806ad4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/lander/p2p_1714341028/css/telegram.css
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662ec4de-3891a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pYlMjjO7n0yq1yRANmZoM20PElXvEceF1stIFy56PaHY9jO7QtoF%2FM96UAAYYbhLPtBtzJIhZVeCBDEy1VGKRqr2%2B1wVNRMWqRqBX5Egr4QJg8q3m6AuMvW6yILg8jOYOCU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=864000
cf-ray
87bdd1fd2e39baac-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 May 2024 08:11:15 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
coinstrange.net/lander/p2p_1714341028/fonts/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f53e8b0a717ca4ce313eec62b90d41db62c2f4946259a65c93bf8e84c5b0c44

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Origin
https://coinstrange.net
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
11040
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
server
cloudflare
etag
"662ec4de-2b20"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RsOMzGMELHZkMvDR%2BDb8j4NX4Lu7Na%2Fjk50DxPfvsiIDhybut0swXCENlfygVCsdZDBnoglWSvnAM%2BRTCTRJS%2FBFxB75ghEF6bPdIs0oqxF%2Ba3jsJmclGo%2B1DqNi%2FPTExHo%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=864000
accept-ranges
bytes
cf-ray
87bdd1fd4e6fbaac-MXP
expires
Thu, 09 May 2024 08:11:15 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
coinstrange.net/lander/p2p_1714341028/fonts/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Origin
https://coinstrange.net
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
11028
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
server
cloudflare
etag
"662ec4de-2b14"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vG%2BdKl8dN2JnRPUc1Yv66DWJLffhBYwzfxHqqozGY2XixKrqPrbIgPWYkbJpRKrgd8codE%2FsE6HcAUPXcjWuy2XRWxVLvFhBM89h1FM6qiidYQGleX%2BCFOMErZWX0T0WTPw%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=864000
accept-ranges
bytes
cf-ray
87bdd1fd4e70baac-MXP
expires
Thu, 09 May 2024 08:11:15 GMT
KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
coinstrange.net/lander/p2p_1714341028/fonts/ 		6 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/fonts/KFOmCnqEu92Fr1Mu5mxKKTU1Kvnz.woff2
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41b5c3b25f4258190937deb900fa57a6db6d450ce7dd2af2259af760119a1c41

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/lander/p2p_1714341028/css/font-roboto.css
Origin
https://coinstrange.net
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
6460
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
server
cloudflare
etag
"662ec4de-193c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=30ZpojeH11wcic01Onv0spme6tEr74NnlB8caJBXy6ISR65nJ7VHz4S1eByW9nVsFjnbjjEJYsBxx3ednNh%2BpXlTgu2drHZo1PYLD14rj3GKzkp89zi%2F%2FUDXrK5w4tnx%2B2g%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=864000
accept-ranges
bytes
cf-ray
87bdd1fd4e72baac-MXP
expires
Thu, 09 May 2024 08:11:15 GMT
favicon.ico
coinstrange.net/lander/p2p_1714341028/ 		15 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://coinstrange.net/lander/p2p_1714341028/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.50.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/CFr4Fv
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 28 Apr 2024 21:51:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"662ec4de-3aee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZHNibJNS6N1Ggml9Ksmm1hDjJv%2FyYtTTULRsZ6FN4W%2BZSGk7chKKkGd8%2BsAHqzSSYno1UUbf9eL59Gs18nEu26cTFYoQ3%2BDa%2B59x8ne5UKWuKAZ63w1iL87jkqidNV89n4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
max-age=864000
cf-ray
87bdd1fed8c5baac-MXP
alt-svc
h3=":443"; ma=86400
expires
Thu, 09 May 2024 08:11:15 GMT
script.js
userstatics.com/get/ 		133 B
632 B 		Script
General
Check archive.org
Download Go to
Full URL
https://userstatics.com/get/script.js?referrer=https://coinstrange.net/CFr4Fv
Requested by
Host: coinstrange.net
URL: https://coinstrange.net/lander/p2p_1714341028/js/tgwallpaper.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.2.1
Resource Hash
df9690fea031319de38a437cb6d393026c4aae70642ed394c4254ed64f035b26

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://coinstrange.net/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 29 Apr 2024 08:11:16 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.2.1
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/html; charset=utf-8
access-control-allow-origin
https://coinstrange.net
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VOFeotEBf71wWtuqEeSb5Tsn8tQWRtQPBiDXR7B7f%2BZdTJUipJ%2FJvXQSzl%2Bs0qBaRItaYWUHcUHth86lju8J4o6ZexZJKcRQv%2FPoa3hqI25L7ggVUbc2%2F6Rhj%2Beym7iy7fs%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
87bdd2039a7d4c48-MXP
access-control-allow-headers
X-Requested-With,content-type
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| fbq function| _fbq function| onClick object| TWallpaper object| tme_bg function| toggleTheme object| darkMedia

3 Cookies

Domain/Path Name / Value
coinstrange.net/ Name: _subid
Value: 3qh382ffa4
coinstrange.net/ Name: a56a4
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjk0XCI6MTcxNDM3ODI3NX0sXCJjYW1wYWlnbnNcIjp7XCI0MlwiOjE3MTQzNzgyNzV9LFwidGltZVwiOjE3MTQzNzgyNzV9In0.MimjMaMvxwJSbAowj1BNsH-79iqTokrEKO0Js4_x4lE
coinstrange.net/ Name: PHPREFS
Value: full