coinbasesfo.xyz
156.229.129.157
Malicious Activity!
Public Scan
Submission: On November 03 via api from US — Scanned from DE
Summary
This is the only time coinbasesfo.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Coinbase (Crypto Exchange)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
7 | 156.229.129.157 | 398968 (GROUP-IID-01) |
1 | 120.52.95.234 | 133119 (UNICOM-CN China Unicom IP network) |
6 | 2606:4700:4400::ac40:9159 | 13335 (CLOUDFLARENET) |
2 | 2600:9000:214f:4000:12:94b3:c380:93a1 | 16509 (AMAZON-02) |
23 | 5 | |
ASN13335 (CLOUDFLARENET, US)
- www.coinbase.com
- static-assets.coinbase.com
- assets.coinbase.com
ASN16509 (AMAZON-02, US)
- images.ctfassets.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | coinbasesfo.xyz | coinbasesfo.xyz | 210 KB |
6 | coinbase.com | assets.coinbase.com (Cisco Umbrella Rank: 129367, Failed); www.coinbase.com (Cisco Umbrella Rank: 35985); static-assets.coinbase.com (Cisco Umbrella Rank: 59700) | 82 KB |
2 | ctfassets.net | images.ctfassets.net (Cisco Umbrella Rank: 4301) | 4 KB |
1 | bootcdn.net | cdn.bootcdn.net (Cisco Umbrella Rank: 107719) | 33 KB |
23 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
7 | coinbasesfo.xyz | coinbasesfo.xyz |
3 | assets.coinbase.com | coinbasesfo.xyz |
2 | static-assets.coinbase.com | coinbasesfo.xyz |
2 | images.ctfassets.net | coinbasesfo.xyz |
1 | www.coinbase.com | coinbasesfo.xyz |
1 | cdn.bootcdn.net | coinbasesfo.xyz |
23 | 6 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
cdn.bootcdn.net | TrustAsia RSA DV TLS CA G2 | 2022-06-06 - 2023-06-06 | a year |
coinbase.com | Cloudflare Inc ECC CA-3 | 2022-02-18 - 2023-02-17 | a year |
images.ctfassets.net | Amazon | 2022-02-17 - 2023-03-18 | a year |
This page contains 1 frame:
Primary Page:
http://coinbasesfo.xyz/
Frame ID: CFE6708F1472D4EEC595F9E494CD2FFB
Requests: 23 HTTP requests in this frame
Page Title
Coinbase – Buy & Sell Bitcoin, Ethereum, and more with trust
Detected technologies
Vue.js
Detected patterns
- (?:/([\d.]+))?/vue(?:\.min)?\.js
jQuery
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
29 Outgoing links
These are links going to different origins than the main page.
Title: Android
Title: iOS
Title: Learn how Coinbase keeps your funds safe and secure
Title: Learn how your crypto is covered by our insurance policy
Title: Blog
Title: Twitter
Title: Facebook
Title: Investors
Title: Wallet
Title: Custody
Title: Asset Hub
Title: Commerce
Title: Coinbase Cloud
Title: Connect
Title: Commerce
Title: Pro
Title: Bison Trails
Title: WalletLink
Title: Rosetta
Title: USDC
Title: Help center
Title: Contact us
Title: Create account
Title: ID verification
Title: Account information
Title: Payment methods
Title: Supported crypto
Title: Supported countries
Title: Status
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | coinbasesfo.xyz/ | 150 KB | 27 KB | Document | text/html |
GET | H/1.1 | index.css | coinbasesfo.xyz/static/common/js/vant/ | 141 KB | 47 KB | Stylesheet | text/css |
GET | H/1.1 | vue.min.js | coinbasesfo.xyz/static/common/js/vue/ | 92 KB | 38 KB | Script | application/javascript |
GET | H/1.1 | vant.min.js | coinbasesfo.xyz/static/common/js/vant/ | 270 KB | 91 KB | Script | application/javascript |
GET | H2 | jquery.min.js | cdn.bootcdn.net/ajax/libs/jquery/1.9.0/ | 91 KB | 33 KB | Script | application/javascript |
GET | | CoinbaseIcons-1634070361328.098c80fd24215db84d793155c5829823.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | | CoinbaseSans-Regular.c9a6e887656f7b1014db3f1a07247ee2.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | | CoinbaseSans-Medium.b54c6aeed882bdf66df4e5fac9c2340e.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | | CoinbaseText-Regular.d65a3b1d9255924adbeeabac46787723.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | | CoinbaseText-Medium.d164398f71705e41d035e25101303347.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | | CoinbaseDisplay-Regular.62bf1b795c1ad225811afd9715abdc90.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | | CoinbaseDisplay-Medium.88e532b2f6f58aac7f1dbbd3b4731e92.woff2 | assets.coinbase.com/assets/ | 0 | 0 | | |
GET | H2 | version-0.30.9-no-fonts.css | www.coinbase.com/assets/sw-cache/web/ | 65 KB | 12 KB | Stylesheet | text/css |
GET | H2 | Consumer_Wordmark.svg | images.ctfassets.net/q5ulk4bp65r7/3TBS4oVkD1ghowTqVQJlqj/2dfd4ea3b623a7c0d8deb2ff445dee9e/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | H2 | asset-logo.svg | static-assets.coinbase.com/earn/campaigns/stellar/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H/1.1 | init.js | coinbasesfo.xyz/ | 530 B | 774 B | Script | application/javascript |
GET | H2 | portfolio.352f1ebd5622fb93068757ca3a33b88b.svg | assets.coinbase.com/assets/ | 61 KB | 17 KB | Image | image/svg+xml |
GET | H/1.1 | query.js | coinbasesfo.xyz/ct/ | 12 KB | 3 KB | Script | text/javascript |
GET | H/1.1 | main-lroriVcVdxErME8gnOd08fi18vOs3uykhq3BbeEjYZk=.js | coinbasesfo.xyz/ct/ | 10 KB | 3 KB | Script | text/javascript |
GET | H2 | Consumer_Wordmark.svg | images.ctfassets.net/q5ulk4bp65r7/3TBS4oVkD1ghowTqVQJlqj/2dfd4ea3b623a7c0d8deb2ff445dee9e/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | H2 | portfolio.352f1ebd5622fb93068757ca3a33b88b.svg | assets.coinbase.com/assets/ | 61 KB | 17 KB | Image | image/svg+xml |
GET | H2 | asset-logo.svg | static-assets.coinbase.com/earn/campaigns/stellar/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H2 | coinbase-app-mobile.ce6b3771820067349ca07f6debc35f2d.webp | assets.coinbase.com/assets/ | 32 KB | 33 KB | Image | image/webp |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseIcons-1634070361328.098c80fd24215db84d793155c5829823.woff2 |
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseSans-Regular.c9a6e887656f7b1014db3f1a07247ee2.woff2 |
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseSans-Medium.b54c6aeed882bdf66df4e5fac9c2340e.woff2 |
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseText-Regular.d65a3b1d9255924adbeeabac46787723.woff2 |
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseText-Medium.d164398f71705e41d035e25101303347.woff2 |
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseDisplay-Regular.62bf1b795c1ad225811afd9715abdc90.woff2 |
assets.coinbase.com | https://assets.coinbase.com/assets/CoinbaseDisplay-Medium.88e532b2f6f58aac7f1dbbd3b4731e92.woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Coinbase (Crypto Exchange)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforeinput
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- object| navigation
- function| Vue
- object| vant
- function| $
- function| jQuery
- string| jsUrl
- function| addJs
- function| addCss
- function| domWrite
- function| mdjm
- object| _that2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
coinbasesfo.xyz/ | | Name: s61f0ab9e Value: rlfch503vo7tanavdafvdr4t28 |
.coinbase.com/ | | Name: __cf_bm Value: 0j2QSfPZQV8nhrUVTUNxcgii6B6LIatmQz9BY8Po_DY-1667433877-0-AYimLAKVuual6YhHdIhSCDTvglkvxtXCVvDj4wuFpwtgvqXMVUZnR2zJBOBDluuN+wGpFZm9l/7lGH9Cu9d0iO4= |
14 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.