Report - www.coinbasecf-app.com/

Report Overview

Submitted URL
www.coinbasecf-app.com/
IP
52.139.170.40
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2023-02-02 00:53:16
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
86

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.coinbasecf-app.com	unknown	2023-01-05T19:37:39Z	2023-02-01T19:37:40Z	12 kB	2.6 MB	52.139.170.40
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.89.71.191
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	59 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase
2023-02-01	medium	www.coinbasecf-app.com/	Coinbase

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-02	medium	www.coinbasecf-app.com/	Phishing
2023-02-02	medium	www.coinbasecf-app.com/	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/js/app.548967e5.js	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/js/chunk-vendors.d1595a09.js	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/js/chunk-4043fba0.653a0e09.js	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/js/chunk-4711cb97.4dcaf51b.js	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/js/chunk-c19bad78.9c8bef24.js	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/js/chunk-6d7b0fc3.39200c45.js	Phishing
2023-02-02	medium	www.coinbasecf-app.com/api/wallets/1/templates/0	Phishing
2023-02-02	medium	www.coinbasecf-app.com/api/configs	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/img/icon_duigou.455309c2.svg	Phishing
2023-02-02	medium	www.coinbasecf-app.com/files/rcw45g3.29795107	Phishing
2023-02-02	medium	www.coinbasecf-app.com/api/app/dialogs	Phishing
2023-02-02	medium	www.coinbasecf-app.com/files/rnbp7u4.json	Phishing
2023-02-02	medium	www.coinbasecf-app.com/files/rcw1dg6.44	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/fonts/Nunito-Bold.c0844c99.ttf	Phishing
2023-02-02	medium	www.coinbasecf-app.com/static/fonts/Nunito-SemiBold.876701bc.ttf	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (2)

	URL	Size	First Seen	Last Seen
	www.coinbasecf-app.com/static/js/app.548967e5.js	555 kB	2023-03-13	2023-03-13
Pretty URL www.coinbasecf-app.com/static/js/app.548967e5.js IP 52.139.170.40 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:41:32 Last Seen2023-03-13 17:37:37 Times Seen1 Hash 081eb7092f506327a49227232e097f4e 173323eeadb3b137819d1a1580eb8c4bb513bc6b 6d259344029e4d53a9872068f5287e34ff16060e16f4635e669044d9d7cca9bb Loading...

		Size	First Seen	Last Seen
	#1 Eval - f0ffd3b7c2574ac324603ed00488c850	7 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 01:03:35 Last Seen2024-04-26 15:12:41 Times Seen20348 Hash f0ffd3b7c2574ac324603ed00488c850 623e76c36aa2a886542011e28412cc761d7ceb01 c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154 Loading...

HTTP Transactions (46)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16006
Expires: Thu, 02 Feb 2023 05:19:50 GMT
Date: Thu, 02 Feb 2023 00:53:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17072
Expires: Thu, 02 Feb 2023 05:37:36 GMT
Date: Thu, 02 Feb 2023 00:53:04 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 02 Feb 2023 00:36:02 GMT
content-type: application/json
age: 1022
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11203
Expires: Thu, 02 Feb 2023 03:59:47 GMT
Date: Thu, 02 Feb 2023 00:53:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TMwLHiJkWx36K7aF71ItPv4tE51Eg8hxEGZc6HEMfZfofx3qwgP7hTyHrTztOr17xwwC44YzosQ=
x-amz-request-id: J2YRSQH8JVZAF8J4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 02 Feb 2023 00:51:46 GMT
age: 78
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 02 Feb 2023 00:53:04 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 02 Feb 2023 00:49:05 GMT
age: 240
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.coinbasecf-app.com/

52.139.170.40

301 Moved Permanently

166 B

URL HTTP/1.1
www.coinbasecf-app.com/
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
166 B (166 bytes)
Hash
3ea1c8d079b38532a6e01a96216ba5e2
598d3ff91d3e252f1e13df8cf0348b270ff2da3f
87a9323ac85ce28867d5d7ce590c8f29b8d1a999961fca71bb33adef48683691

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Feb 2023 00:53:05 GMT
Content-Type: text/html
Content-Length: 166
Connection: keep-alive
Location: https://www.coinbasecf-app.com/
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5928
Expires: Thu, 02 Feb 2023 02:31:53 GMT
Date: Thu, 02 Feb 2023 00:53:05 GMT
Connection: keep-alive

push.services.mozilla.com/

52.89.71.191

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.71.191:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Ql6e7Adaa8qar+nSZRrHJA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 9+jirUtT+ZrWs2NuMqDShSM643M=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4972e7210981174fe8bf90e52b33df91
7d199bc841088f5edb10300642f04a20919f9fbd
efa8d8209b358b38a8dc7ca8261d58c605add23d7106921552da85c1c6280395

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EFA8D8209B358B38A8DC7CA8261D58C605ADD23D7106921552DA85C1C6280395"
Last-Modified: Wed, 01 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21598
Expires: Thu, 02 Feb 2023 06:53:04 GMT
Date: Thu, 02 Feb 2023 00:53:06 GMT
Connection: keep-alive

www.coinbasecf-app.com/

52.139.170.40

200 OK

1.2 kB

URL HTTP/1.1
www.coinbasecf-app.com/
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- assembler source, ASCII text, with very long lines (1749)
Size
1.2 kB (1226 bytes)
Hash
780619a16b2779b65f90ed898e7c7ca1
e50e46da3035db59d030bf688a1ea415436e0e8a
dabc75d9ef52c7c15f48f9cb21dc3ec17896fb78745721f22409d810738d61b9

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:06 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 08:37:20 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63d0ea40-b41"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS
Content-Encoding: gzip

www.coinbasecf-app.com/static/css/chunk-vendors.08fce731.css

52.139.170.40

200 OK

40 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/css/chunk-vendors.08fce731.css
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65536), with no line terminators
Size
40 kB (40518 bytes)
Hash
f702556fd6ce2249f3c43416923c7f21
bebc3b169b38bcbae69cd0af8a20402eb04780a4
04a9871c891c076a3e063118589568cd25541e430e6b13ab9710ec0908250ef7

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/css/chunk-vendors.08fce731.css HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:06 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 08:10:02 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63b685da-1958d"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6726
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 00:53:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6726
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 00:53:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6726
Expires: Thu, 02 Feb 2023 02:45:13 GMT
Date: Thu, 02 Feb 2023 00:53:07 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg

34.120.237.76

200 OK

5.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.4 kB (5356 bytes)
Hash
7c823f1d6bf1c50d58eb263b85e6e37c
a7b74d11494fb3254df907e5cc1eead070d84617
b2706961eb756383e0988dfdb501dc424aea59697aedd1e4a6c294c314a31935

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe18f9e12-0986-423b-911d-6271bb996db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5356
x-amzn-requestid: fef22c83-35a4-4990-9008-af5853f838d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc5BEB6oAMFczg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb6c-68d3017555c069bc3107d150;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:44 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: l6-o76hw-t0vadcFKKSBS6gEaHfkob3_ZUOg-zd90GmENeSiVmvr4g==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 00:51:56 GMT
age: 111
etag: "a7b74d11494fb3254df907e5cc1eead070d84617"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 91987222-d376-4099-a4e9-5f877b5212be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLzO2FSDIAMFktg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce325e-281a7e062ee3039d42ae8f83;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:08:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: SEH32iK4aCkxhxQyu3fSlW8uVM1Oj5hwnl2U09k_THEOdAqdEeVMJw==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:03:43 GMT
age: 10164
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

15 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
15 kB (15051 bytes)
Hash
6bb5b89e738516f4862491eec286bf6d
8fb46b9ca85f2c578eb2a56d0007859183e12209
7f164a37b675bf39f8473392b07a2a383397da003303965fb190fd4f455bb43b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab614ba-4572-4b54-9079-a26b68b1ece7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15051
x-amzn-requestid: 72a3f2ae-538e-40dc-9496-86c28334ba0d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frc6jGTAIAMFy4A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadb76-72178ed13a2e70d462785b90;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:36:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: CKTfQzCvXa4oL6Lm2n8Rw_9Uhj69YfgpDTP9s0zoaX5qW1vcqWIXDA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 21:54:58 GMT
age: 10689
etag: "8fb46b9ca85f2c578eb2a56d0007859183e12209"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10807 bytes)
Hash
b91a1323efe4b01a2d1a2e8485117934
43d04a554f6ef512e7b21ac09287efc0e4e5efee
393e3ab81aee9fda022d06c25789be66e56aaf56f81b0514ab5dfec445087bdf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffdd8c5ba-bd1b-4dda-ae36-680f02b388f8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10807
x-amzn-requestid: 9fff89ce-35f7-4b09-b766-6e65b4586c10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ5PHm7oAMFdfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bd07-0ed090976c8a74542e225f4c;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Hhd99jugAUeT4SMDkgOSFkc9q5jWXE0qAq51OVq8ct4juyFrYH0IhA==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:23:30 GMT
age: 62977
etag: "43d04a554f6ef512e7b21ac09287efc0e4e5efee"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7450 bytes)
Hash
41c44051cc3b4c69924df66048e7566b
5c6a12595c3f6005fec4baa84b16575951e72178
72dff70bcb417c088aba013a486e1dbabe099b40fb718a283f1ba220b142b848

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc092e5e-3a14-4d43-9814-99fd9d49d6c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7450
x-amzn-requestid: 1b3ef150-9b12-4b8b-94e6-0d6debbd24ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdTDFmPoAMF-UQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadc13-0fea883b0ce1a1b933dc2be8;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:39:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qON7fRZ1XPCkl7ldiGagd0UcPynLKMzysXr8LZSRvS1ily9cN5w_wA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 22:22:55 GMT
age: 9012
etag: "5c6a12595c3f6005fec4baa84b16575951e72178"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4814 bytes)
Hash
86664b4d1fc27ba7b5bff8a245604326
b8c7ef73101a497b6c78ad59aafe66a391fdc3fa
e4596faadf14051299036a79632951d90183dd0635293687edef11985799a752

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0d335250-c4ff-42af-b9c2-48711573ab39.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4814
x-amzn-requestid: 90da23ab-2c54-40ec-8e26-bdf4eeb1e27b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: frdKWFpvoAMFyPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dadbdb-70c4cb89413ed6bd44731d76;Sampled=0
x-amzn-remapped-date: Wed, 01 Feb 2023 21:38:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: htcecPD3kYwCPwPPCqgVuXnCuKo6TTKntzaB2xFID5fvBXpZQe463A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 00:52:30 GMT
etag: "b8c7ef73101a497b6c78ad59aafe66a391fdc3fa"
content-type: image/jpeg
age: 37
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.coinbasecf-app.com/static/css/app.458720dd.css

52.139.170.40

200 OK

80 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/css/app.458720dd.css
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (65536), with no line terminators
Size
80 kB (79563 bytes)
Hash
49e768ee15bcf59f9521d6a38d2ee8a2
70a9e75f8a6b41c2685d438cb853f31dac55b050
4141af68a4346aae620a57ca2a845ed0a6dba419ab1f2f2532ca2d493a7495bf

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/css/app.458720dd.css HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 08:37:20 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63d0ea40-486f3"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/js/app.548967e5.js

52.139.170.40

200 OK

201 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/js/app.548967e5.js
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (65475), with no line terminators
Size
201 kB (200751 bytes)
Hash
ee5307c5d133c8385351fbda02bb6c20
9ea408252bdea8194beb8293bbda14a27be50408
9448adab301519e430d4b2af72778a504bdab6fb5acdddd07fd466d2972a3ab6

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/js/app.548967e5.js HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 25 Jan 2023 08:37:20 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63d0ea40-8791f"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/js/chunk-vendors.d1595a09.js

52.139.170.40

200 OK

1.8 MB

URL HTTP/1.1
www.coinbasecf-app.com/static/js/chunk-vendors.d1595a09.js
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (60607)
Size
1.8 MB (1781996 bytes)
Hash
d7d1921b08109efb3ff4bbd13e828a5c
2e7840f59eea5753ca99a9bac43497ce4682a31a
be37a0eaa7a5d53f16d628ce2cc2d854527a39c285fad839d3685b33426b90fb

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/js/chunk-vendors.d1595a09.js HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:07 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jan 2023 03:57:31 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63c61cab-4a63fd"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/favicon.ico

52.139.170.40

403 Forbidden

144 B

URL HTTP/1.1
www.coinbasecf-app.com/favicon.ico
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
144 B (144 bytes)
Hash
ff488a3a7c828d8853d25c236503048e
c954332064982d8d4ec8687d4bb69e0c056e24e9
4d76cd0acfe2f3e91b1736936fdfcf0746196ffd831165b921927ff32cda83b6

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 403 Forbidden
Date: Thu, 02 Feb 2023 00:53:09 GMT
Content-Type: text/html
Content-Length: 144
Connection: keep-alive
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/static/css/chunk-4711cb97.dcfaad6a.css

52.139.170.40

200 OK

448 B

URL HTTP/1.1
www.coinbasecf-app.com/static/css/chunk-4711cb97.dcfaad6a.css
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (1070), with no line terminators
Size
448 B (448 bytes)
Hash
5981386c46bc544392552a81af6a6490
0dbe61e859cce451ba886b055a8621ce212ed261
71bf3450f28738d2e7756a014d1e05da9c3ac6e4d8c3580d29baa03d9e7e2f75

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/css/chunk-4711cb97.dcfaad6a.css HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 12 Jan 2023 08:06:51 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63bfbf9b-42e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/css/chunk-6d7b0fc3.d92afbd1.css

52.139.170.40

200 OK

585 B

URL HTTP/1.1
www.coinbasecf-app.com/static/css/chunk-6d7b0fc3.d92afbd1.css
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (585), with no line terminators
Size
585 B (585 bytes)
Hash
ed60012e29d80ead974959557e6b6437
64047681bac245fae5722eb8a309631805123ede
e853c556e4f842a643a6b183681714b49d750308c533e2cb5b48be9f500f1646

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/css/chunk-6d7b0fc3.d92afbd1.css HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: text/css
Content-Length: 585
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 08:10:02 GMT
Vary: Accept-Encoding
ETag: "63b685da-249"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Accept-Ranges: bytes

www.coinbasecf-app.com/static/css/chunk-4043fba0.efdd0cba.css

52.139.170.40

200 OK

678 B

URL HTTP/1.1
www.coinbasecf-app.com/static/css/chunk-4043fba0.efdd0cba.css
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (2296), with no line terminators
Size
678 B (678 bytes)
Hash
20383fd4bcfa44702eaa62af42da852a
67a57e2fdb7115fecde53c83ce2f2405942cbb89
1de1156fcd925ff63860ccf042950cd5dda67336dbe612b4866053ba115b6e4c

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/css/chunk-4043fba0.efdd0cba.css HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 12 Jan 2023 08:06:51 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63bfbf9b-8f8"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/api/identify?domain=coinbasecf-app.com

52.139.170.40

200 OK

170 B

URL HTTP/1.1
www.coinbasecf-app.com/api/identify?domain=coinbasecf-app.com
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
170 B (170 bytes)
Hash
0941196e4351436f4f7e3120e54079bb
aadb78c406d71fef8d4150de38e42229c774e663
8c1d8f2428e1188cbab965f1236422ddce226ba00ab9ddb4f615179ba28f60e2

HTTP Headers

GET /api/identify?domain=coinbasecf-app.com HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Version: 1.0.0
Platform: Linux x86_64
Lang: en-US
Agent-Identify: undefined
Device-Id: h5
Request-Date: 1675299213
Signature: 64407f01f8f6aa26a5984cfef6921509
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/static/css/chunk-c19bad78.2830a849.css

52.139.170.40

200 OK

719 B

URL HTTP/1.1
www.coinbasecf-app.com/static/css/chunk-c19bad78.2830a849.css
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (2680), with no line terminators
Size
719 B (719 bytes)
Hash
4868f5024844943241c4b224b52e3467
8eafe98f66f8aba2289fa9e8b4552daaf7aa2274
34c475457128a958990f18c823e419d200bf8e6df2f00f4149ab016a6728c9c8

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/css/chunk-c19bad78.2830a849.css HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 12 Jan 2023 08:06:51 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63bfbf9b-a78"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/js/chunk-4043fba0.653a0e09.js

52.139.170.40

200 OK

1.5 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/js/chunk-4043fba0.653a0e09.js
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (3694), with no line terminators
Size
1.5 kB (1462 bytes)
Hash
0df68867bdc406b46407db8dd8d07c1e
bf37049ed060b1780a0a59e3614846b86c07c592
ec5b147ee55e63941d340e03b454ca2e3326cdf55fbf68dfac509a6edc3fb8e9

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/js/chunk-4043fba0.653a0e09.js HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 12 Jan 2023 08:06:51 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63bfbf9b-e6e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/js/chunk-4711cb97.4dcaf51b.js

52.139.170.40

200 OK

2.8 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/js/chunk-4711cb97.4dcaf51b.js
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (5490), with no line terminators
Size
2.8 kB (2822 bytes)
Hash
8418dff66796e2b9fe20d9735398659e
1ce2181a8b3c67184e8d58e817aa04f5980faaf8
6e7bdc9714ed3e06424de27cd94c1235434458297b50d09468924ab5b5f6e3f6

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/js/chunk-4711cb97.4dcaf51b.js HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 12 Jan 2023 08:06:51 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63bfbf9b-1572"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/js/chunk-c19bad78.9c8bef24.js

52.139.170.40

200 OK

4.5 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/js/chunk-c19bad78.9c8bef24.js
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Unicode text, UTF-8 text, with very long lines (10713), with no line terminators
Size
4.5 kB (4494 bytes)
Hash
51f429df5bd7c0a4261775cce257f5e8
9def0d12b9b9d84a11bba4c54de2437d66fa7df1
aba3a714d76f4f44d7accaab157c09aeee6dd569ad66b12e5617bce8473ea3e1

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/js/chunk-c19bad78.9c8bef24.js HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 17 Jan 2023 03:57:31 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63c61cab-29dd"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/static/js/chunk-6d7b0fc3.39200c45.js

52.139.170.40

200 OK

811 B

URL HTTP/1.1
www.coinbasecf-app.com/static/js/chunk-6d7b0fc3.39200c45.js
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
ASCII text, with very long lines (1452), with no line terminators
Size
811 B (811 bytes)
Hash
937281159723f5c8a1e1eee7216f6f09
9dfa430e681167b32be285a5d04f48d2777ecf76
a9d53b5742fb238be47d06ee2b1af3797aa54a8f79585c365f8f7f19cb0fd34e

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/js/chunk-6d7b0fc3.39200c45.js HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 05 Jan 2023 08:10:03 GMT
Vary: Accept-Encoding, Accept-Encoding
ETag: W/"63b685db-5ac"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Content-Encoding: gzip

www.coinbasecf-app.com/api/wallets/1/templates/0

52.139.170.40

200 OK

246 B

URL HTTP/1.1
www.coinbasecf-app.com/api/wallets/1/templates/0
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (315), with no line terminators
Size
246 B (246 bytes)
Hash
bbcf4dac63aac2f174f5abcba9e9d493
ca996923f45c174539372998d2f767628ebdeff7
f879aaba5f1fb4dbdee8b3b387510d742dde9a72180a46d4f8424e94b9c9c605

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /api/wallets/1/templates/0 HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Version: 1.0.0
Platform: Linux x86_64
Lang: en-US
Agent-Identify: d05e57cb-88a1-49ec-89e5-fc8268c50c80
Device-Id: h5
Request-Date: 1675299214
Signature: 04ee5c7209e8c6aede001211b55ce455
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/api/configs

52.139.170.40

200 OK

1.1 kB

URL HTTP/1.1
www.coinbasecf-app.com/api/configs
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with very long lines (2655), with no line terminators
Size
1.1 kB (1064 bytes)
Hash
ab887576ec1673f46182968a594f62e8
66b6ad9db4dbe05cbc9f05a5d8346195a6029ab8
623d7f0e056a226adc337444c7fecb264543b42f59e35e338156086a33e2b5a0

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /api/configs HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Version: 1.0.0
Platform: Linux x86_64
Lang: en-US
Agent-Identify: d05e57cb-88a1-49ec-89e5-fc8268c50c80
Device-Id: h5
Request-Date: 1675299214
Signature: 6a89b360a22818ba46dc92accafe654c
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/static/img/icon_duigou.455309c2.svg

52.139.170.40

200 OK

1.7 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/img/icon_duigou.455309c2.svg
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (1089)
Size
1.7 kB (1717 bytes)
Hash
455309c29bf7626df47507c12fe7926d
131a81271e6b29b6a370087cfb2db2b5ff6aece4
b1303fa2dc2a0e950c8d8510e4a73d70cfa5d5a9a28fbfa60c06ddbd6962b4f4

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/img/icon_duigou.455309c2.svg HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: image/svg+xml
Content-Length: 1717
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:56:43 GMT
Vary: Accept-Encoding
ETag: "637f3fdb-6b5"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Accept-Ranges: bytes

www.coinbasecf-app.com/static/img/icon_googlePlay.c4282a5f.png

52.139.170.40

200 OK

17 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/img/icon_googlePlay.c4282a5f.png
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 464 x 138, 8-bit/color RGBA, non-interlaced\012- data
Size
17 kB (17300 bytes)
Hash
c4282a5f16443fd4493ced29810ef78d
350cb5059ba98aa2305ba0d959fec205c30d0f86
7036016f1b71023def76c780104605b32a3f61bcf0bbc4e851b58ddef0582f01

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/img/icon_googlePlay.c4282a5f.png HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: image/png
Content-Length: 17300
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:56:43 GMT
ETag: "637f3fdb-4394"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Accept-Ranges: bytes

www.coinbasecf-app.com/static/img/icon_appStore.89f0eb05.png

52.139.170.40

200 OK

14 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/img/icon_appStore.89f0eb05.png
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 464 x 138, 8-bit/color RGBA, non-interlaced\012- data
Size
14 kB (14006 bytes)
Hash
89f0eb0533a76fcf8a2714e6945cb344
faf2cd0dc10a9f06388f51998f399732e901f61b
8dc4749e2ea6917da79d553571aadc8ab4dff908a1b48bb2582be80247aa2213

Detections

Analyzer	Verdict	Alert
openphish	Coinbase

HTTP Headers

GET /static/img/icon_appStore.89f0eb05.png HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: image/png
Content-Length: 14006
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:56:43 GMT
ETag: "637f3fdb-36b6"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Accept-Ranges: bytes

www.coinbasecf-app.com/files/rcw45g3.29795107

52.139.170.40

200 OK

13 kB

URL HTTP/1.1
www.coinbasecf-app.com/files/rcw45g3.29795107
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 450 x 80, 8-bit/color RGBA, non-interlaced\012- data
Size
13 kB (12660 bytes)
Hash
29795107c169eb9bbcabdbf9549929f9
c9643656f957ae51ca5f5981aea041776c79ffc8
adb5d1b1eb058f2f393730f020967dccf2201994212ab41ae48de25d676a2211

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /files/rcw45g3.29795107 HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: image/png
Content-Length: 12660
Connection: keep-alive
x-amz-id-2: 5pZjI7eW0rtbFB5IjIF/uVqfoLnAVfUpxOMQSOLl4v5ePyyL4qx1ryAJ0SjXZDd7+ctEsn00dBM=
x-amz-request-id: SRS1X5SQXASWBFTQ
Last-Modified: Fri, 03 Jun 2022 07:25:53 GMT
ETag: "29795107c169eb9bbcabdbf9549929f9"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
Content-Disposition: attachment
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/api/app/dialogs

52.139.170.40

200 OK

64 B

URL HTTP/1.1
www.coinbasecf-app.com/api/app/dialogs
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , ASCII text, with no line terminators
Size
64 B (64 bytes)
Hash
414734fd09e01292a48b8953548c43b3
e2e7db14c9d335d81a64feb52c40370c5ff744d8
31c918746a04f6f71be7a4cd9afc151be32a2d944f736286eac9047af0aa27af

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /api/app/dialogs HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Client-Version: 1.0.0
Platform: Linux x86_64
Lang: en-US
Agent-Identify: d05e57cb-88a1-49ec-89e5-fc8268c50c80
Device-Id: h5
Request-Date: 1675299214
Signature: 4f78911afc5f68af860e91b8286f10e0
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type, DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/files/rnbp7u4.json

52.139.170.40

200 OK

71 kB

URL HTTP/1.1
www.coinbasecf-app.com/files/rnbp7u4.json
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (63922), with no line terminators
Size
71 kB (71118 bytes)
Hash
32b0d6bc0eacf807a7f42a77c718a06d
003a50c6e10abe6ee56915577a50fce1e44a2c08
b48112e59838071203026bfede08c631c304293f3f43511dfad2afb77db9911b

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /files/rnbp7u4.json HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding
x-amz-id-2: NV4P899BlYzeqU7iyp4U2rxYIQ8Ml+v6O38PtZzrZ7UFNyrnapPxipOpFGnfTbA+6MmrePgH700=
x-amz-request-id: SRSC24721SKT4B9F
Last-Modified: Fri, 23 Dec 2022 03:06:40 GMT
ETag: W/"3ce54e65112190ac527bd7c4db75ebe7"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
Content-Disposition: attachment
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS
Content-Encoding: gzip

www.coinbasecf-app.com/files/rcw1dg6.44

52.139.170.40

200 OK

54 kB

URL HTTP/1.1
www.coinbasecf-app.com/files/rcw1dg6.44
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 982x860, components 3\012- data
Size
54 kB (53911 bytes)
Hash
1ce25b1e327e4c68fb347aa400e083da
0f8d6c7cb85713382a42a594d01053479653383d
7449631badd9075484b2f70f972efbbee951570156038617ed73edfcdd387896

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /files/rcw1dg6.44 HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: image/jpeg
Content-Length: 53911
Connection: keep-alive
x-amz-id-2: yjeRyrnI+ZLhAOVKXS83I/18IJ6+tHUZIhsYMqTnAvogqeerUWhEwriGr06N8/Brmuihft6Nqig=
x-amz-request-id: SRSABY7N0R7B070A
Last-Modified: Fri, 03 Jun 2022 07:06:50 GMT
ETag: "1ce25b1e327e4c68fb347aa400e083da"
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-server-side-encryption: AES256
Content-Disposition: attachment
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: MISS

www.coinbasecf-app.com/static/fonts/Nunito-Bold.c0844c99.ttf

52.139.170.40

200 OK

153 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/fonts/Nunito-Bold.c0844c99.ttf
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409, Copyright 2014 The Nunito Project Authors (https://github.com/googlefonts/nunito)NunitoBold3.601\012- data
Size
153 kB (152748 bytes)
Hash
c0844c990ecaaeb9f124758d38df4f3f
231df28194a466da9e8ad72532164f50ad5f8750
8b9e27ba172e5b535b1d0564b4882f74aecc77a4dc4d20fc400bd2b2bc4418c1

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/fonts/Nunito-Bold.c0844c99.ttf HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/static/css/app.458720dd.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: application/octet-stream
Content-Length: 152748
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:56:43 GMT
ETag: "637f3fdb-254ac"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Accept-Ranges: bytes

www.coinbasecf-app.com/static/fonts/Nunito-SemiBold.876701bc.ttf

52.139.170.40

200 OK

153 kB

URL HTTP/1.1
www.coinbasecf-app.com/static/fonts/Nunito-SemiBold.876701bc.ttf
IP
52.139.170.40:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2014 The Nunito Project Authors (https://github.com/googlefonts/nunito)Nunito SemiBold\012- data
Size
153 kB (153116 bytes)
Hash
876701bc4fbf6166f07f152691b15159
91ab95e4bfedccb234e05305eeb2de76e5f5f66a
f1e4f2f2fc3d7c308dd2c7535c10c26020928a3e424a93712392d05429945cef

Detections

Analyzer	Verdict	Alert
openphish	Coinbase
fortinet	Phishing

HTTP Headers

GET /static/fonts/Nunito-SemiBold.876701bc.ttf HTTP/1.1
Host: www.coinbasecf-app.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.coinbasecf-app.com/static/css/app.458720dd.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Date: Thu, 02 Feb 2023 00:53:11 GMT
Content-Type: application/octet-stream
Content-Length: 153116
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:56:43 GMT
ETag: "637f3fdb-2561c"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Access-Token,Sign,Lang,Agent-Identify,Client-Version,Platform,Device-Id,Context-Type
Server: cdn
Strict-Transport-Security: max-age=31536000;
X-Cache-Status: HIT
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (2)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (46)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP