www.us-coinbase.vip Open in urlscan Pro
34.87.6.208 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.us-coinbase.vip/
Effective URL:
https://www.us-coinbase.vip/index/coinbase/index.html
Submission: On January 02 via automatic, source openphish (January 2nd 2025, 2:14:19 am UTC) — Scanned from US

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 22 HTTP transactions. The main IP is 34.87.6.208, located in Singapore, Singapore and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.us-coinbase.vip.
TLS certificate: Issued by R10 on December 31st 2024. Valid for: 3 months.

This is the only time www.us-coinbase.vip was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

	IP Address	AS Autonomous System
1 18	34.87.6.208 34.87.6.208	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2600:9000:24f... 2600:9000:24f4:ea00:12:94b3:c380:93a1	16509 (AMAZON-02) (AMAZON-02)
22	2

18 34.87.6.208 (Singapore, Singapore) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 208.6.87.34.bc.googleusercontent.com

www.us-coinbase.vip	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:24f4:ea00:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)

images.ctfassets.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	us-coinbase.vip 1 redirects www.us-coinbase.vip	1 MB
5	ctfassets.net images.ctfassets.net — Cisco Umbrella Rank: 3811	3 MB
22	2

	Domain	Requested by
18	www.us-coinbase.vip	1 redirects www.us-coinbase.vip
5	images.ctfassets.net	www.us-coinbase.vip
22	2

This site contains no links.

Subject Issuer	Validity	Valid
www.coinbase-us.online R10	`2024-12-31` - `2025-03-31`	3 months	crt.sh
images.ctfassets.net Amazon RSA 2048 M02	`2024-11-18` - `2025-12-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.us-coinbase.vip/index/coinbase/index.html
Frame ID: EEA3A7ED5056023E89A212CCDEE5A0F3
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CoinBase

Page URL History Show full URLs

https://www.us-coinbase.vip/ HTTP 302
https://www.us-coinbase.vip/index/coinbase/index.html Page URL

Detected technologies

Contentful (CMS) Expand

Overall confidence: 100%
Detected patterns

<[^>]+(?:https?:)?//(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)

Swiper Slider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swiper(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

4231 kB
Transfer

5623 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.us-coinbase.vip/ HTTP 302
https://www.us-coinbase.vip/index/coinbase/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
www.us-coinbase.vip/index/coinbase/
Redirect Chain

https://www.us-coinbase.vip/
https://www.us-coinbase.vip/index/coinbase/index.html

22 KB
6 KB

257ms
256ms

Document
text/html

34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

55de581cc2189bbee29243312d96d3d268f256480abe7538f53c361f43ef2a9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 02 Jan 2025 02:14:13 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

cache-control: no-cache,must-revalidate
content-type: text/html; charset=utf-8
date: Thu, 02 Jan 2025 02:14:12 GMT
location: /index/coinbase/index.html
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 icon.css
www.us-coinbase.vip/template/tmp1/font/ 2 KB
818 B 227ms
226ms Stylesheet
text/css 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/font/icon.css?v=202201

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

1faa54526ac7b1181adf588fd842b7dc00708b63bb2a6a87cdcb2a9eaad1602e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61e58b9b-79c"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: text/css
last-modified: Mon, 17 Jan 2022 15:30:35 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 swiper.min.css
www.us-coinbase.vip/template/tmp1/css/ 19 KB
4 KB 229ms
228ms Stylesheet
text/css 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/css/swiper.min.css

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

a0a799fa96b605d3919d8a5c3571e2710eda8752fb42155f034a12ec137cf96b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61c723d6-4d41"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: text/css
last-modified: Sat, 25 Dec 2021 13:59:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 Consumer_Wordmark.svg
www.us-coinbase.vip/template/tmp1/coinbase/ 4 KB
2 KB 229ms
229ms Image
image/svg+xml 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.us-coinbase.vip/template/tmp1/coinbase/Consumer_Wordmark.svg

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

126270d27d1ac1a29b8d7d01238377840fe79b70212bd230adc6b2d9da82bf38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"61ee937b-ecc"
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: image/svg+xml
last-modified: Mon, 24 Jan 2022 11:54:35 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 Hero_Combo_Lockup_v2.svg
www.us-coinbase.vip/template/tmp1/coinbase/ 2 MB
1 MB 452ms
452ms Image
image/svg+xml 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.us-coinbase.vip/template/tmp1/coinbase/Hero_Combo_Lockup_v2.svg

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

2c4d7580f42fdf7acb1f1c83f54f15d6acfe93f3f54a65cc778ebecbd3cec028

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
etag: W/"664b3c41-1d0abc"
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: image/svg+xml
last-modified: Mon, 20 May 2024 12:04:17 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 Frame_316125839__1_.png
images.ctfassets.net/o10es7wu5gm1/1u95dVKhNgTeTjMreQvQeS/a026e10325de339139f14230cd784378/ 626 KB
627 KB 116ms
28ms Image
image/png 2600:9000:24f4:ea00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/o10es7wu5gm1/1u95dVKhNgTeTjMreQvQeS/a026e10325de339139f14230cd784378/Frame_316125839__1_.png
Requested by: Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f4:ea00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 97bbfbca34d671bf26eaf7c465031cdb8f9bed85a38f050f73aa7c76a27e6710

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/

Response headers

cache-control: max-age=31536000
etag: "7426894d1fae77ee05a9d5b47d572778"
age: 54147
via: 1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 641178
x-amz-cf-id: ZrTnBW_KA6sEZEjNAmvyt0m3DG9tVdiNrebIxegzvZMkcn6PqSVbNw==
date: Wed, 01 Jan 2025 11:44:02 GMT
content-type: image/png
last-modified: Sun, 05 May 2024 23:22:04 GMT
server: Contentful Images API
x-amz-cf-pop: IAD55-P3
vary: Accept-Encoding

GET
H2 200 SECOND_IMAGE.svg
images.ctfassets.net/o10es7wu5gm1/5eir6J8aQLCSQzbii1pGMo/c641de899e6d777dddb260e91001df99/ 103 KB
35 KB 101ms
14ms Image
image/svg+xml 2600:9000:24f4:ea00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/o10es7wu5gm1/5eir6J8aQLCSQzbii1pGMo/c641de899e6d777dddb260e91001df99/SECOND_IMAGE.svg
Requested by: Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f4:ea00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 3f242fb4cd7ba3bc8a9ff38a006950abb9c78fe114740809855a0f7ed12e0154

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/

Response headers

cache-control: max-age=31536000
content-encoding: gzip
etag: W/"7bc1faf20027714bead7f204a988d806"
age: 66521
via: 1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-id: cY2F4hTyMlSA_Ya7fBbh_sIlJM9Yu5Ooj1dsRddl5H8Ievc_arKN2A==
date: Wed, 01 Jan 2025 08:10:48 GMT
content-type: image/svg+xml
last-modified: Fri, 10 May 2024 01:40:29 GMT
server: Contentful Images API
x-amz-cf-pop: IAD55-P3
vary: Accept-Encoding

GET
H2 200 THIRD_IMAGE.svg
images.ctfassets.net/o10es7wu5gm1/3w58zziYjPMth5KK5lRC6J/dd0bc63fe221dbbb694635407f2c3da2/ 2 MB
1 MB 103ms
16ms Image
image/svg+xml 2600:9000:24f4:ea00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/o10es7wu5gm1/3w58zziYjPMth5KK5lRC6J/dd0bc63fe221dbbb694635407f2c3da2/THIRD_IMAGE.svg
Requested by: Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f4:ea00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 6215fbaa5bd78aa2d348537b3f92b05cd2232d8a9ca1aff0c37756f376b8557d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/

Response headers

cache-control: max-age=31536000
content-encoding: gzip
etag: W/"c1b25dd6e9d4dc7849c8fdbf66c4453f"
age: 63902
via: 1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-id: 8F5niD-XP-BG6_HOqYkbnewOJYFhIVOvxl8BGzFOieZmS0Gl4-LVPA==
date: Wed, 01 Jan 2025 08:38:40 GMT
content-type: image/svg+xml
last-modified: Mon, 20 May 2024 12:04:38 GMT
server: Contentful Images API
x-amz-cf-pop: IAD55-P3
vary: Accept-Encoding

GET
H2 200 Aspect_Ratio.png
images.ctfassets.net/o10es7wu5gm1/7yy79nASc1pZRp7ZBK7unh/057b59f699b8db9e16872391db07ce45/ 470 KB
471 KB 102ms
17ms Image
image/png 2600:9000:24f4:ea00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/o10es7wu5gm1/7yy79nASc1pZRp7ZBK7unh/057b59f699b8db9e16872391db07ce45/Aspect_Ratio.png
Requested by: Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f4:ea00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: 197431758d5963e702be80069989b92107a2e47971bddba3c05cdf8e4d87eac9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/

Response headers

cache-control: max-age=31536000
etag: "30c86763353b78f5017a91de2c4d31b0"
age: 57234
via: 1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 481355
x-amz-cf-id: -nxg0oXXmR-TnIGPYJsURibDtpF9FIqEhlMsPS4FODs619anINpPqQ==
date: Wed, 01 Jan 2025 10:20:20 GMT
content-type: image/png
last-modified: Fri, 10 May 2024 01:38:43 GMT
server: Contentful Images API
x-amz-cf-pop: IAD55-P3
vary: Accept-Encoding

GET
H2 200 fiat_onramps.png
images.ctfassets.net/o10es7wu5gm1/6aSxFgnm0HdS6PepPdYHhU/53b65a0fd095047688db1843210d8df8/ 135 KB
135 KB 103ms
18ms Image
image/png 2600:9000:24f4:ea00:12:94b3:c380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.ctfassets.net/o10es7wu5gm1/6aSxFgnm0HdS6PepPdYHhU/53b65a0fd095047688db1843210d8df8/fiat_onramps.png
Requested by: Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24f4:ea00:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Contentful Images API /
Resource Hash: e723656410826f35f579666559699c572a37a6901e14d394468046808e2bd2ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/

Response headers

cache-control: max-age=31536000
etag: "2c9ccf5111234ef8f0bc7a64e896c61e"
age: 57215
via: 1.1 b64454e3c1123ac098282f1036154740.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 138174
x-amz-cf-id: kEybN4tLx4_mcqxFw6BOe59BMotKgRg-2aXdW7ETwEDV22nf3CAGTQ==
date: Wed, 01 Jan 2025 10:20:39 GMT
content-type: image/png
last-modified: Fri, 10 May 2024 01:38:42 GMT
server: Contentful Images API
x-amz-cf-pop: IAD55-P3
vary: Accept-Encoding

GET
H2 200 swiper.min.js Show response
www.us-coinbase.vip/template/tmp1/js/ 122 KB
37 KB 658ms
656ms Script
application/javascript 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/js/swiper.min.js

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

df178d935914fb63c2880bd93c76c7cae03e199962799b58cfff6916f60b9e3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61c723d6-1e744"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: application/javascript
last-modified: Sat, 25 Dec 2021 13:59:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 jquery-1.7.2.min.js Show response
www.us-coinbase.vip/template/tmp1/js/ 93 KB
37 KB 660ms
658ms Script
application/javascript 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/js/jquery-1.7.2.min.js

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61c723d6-17278"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: application/javascript
last-modified: Sat, 25 Dec 2021 13:59:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 layerm.js Show response
www.us-coinbase.vip/template/tmp1/layerm/ 5 KB
2 KB 660ms
659ms Script
application/javascript 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/layerm/layerm.js

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

b74a196c7eeb55af915516b36b7ef4e22d26032835a682431f2d6110b33d68b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61cc4c96-1271"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: application/javascript
last-modified: Wed, 29 Dec 2021 11:55:02 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 layer.js Show response
www.us-coinbase.vip/template/tmp1/js/ 22 KB
9 KB 658ms
657ms Script
application/javascript 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/js/layer.js

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

a97e4941ceb1a7df7bcf5e9631b8d9e8f7b47d7ccb59b5ed3968380465e0e824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61c723d6-58d2"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: application/javascript
last-modified: Sat, 25 Dec 2021 13:59:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 common_en.js Show response
www.us-coinbase.vip/template/tmp1/js/coinbase/ 5 KB
2 KB 658ms
657ms Script
application/javascript 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/js/coinbase/common_en.js?v=20220108

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/index/coinbase/index.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

522541a4fde0cef8ad13dc43d6942d8b6b50eeae78c622e82abe3d10c50a93ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"622d5d61-14d1"
expires: Thu, 02 Jan 2025 14:14:13 GMT
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: application/javascript
last-modified: Sun, 13 Mar 2022 02:56:33 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 iconfont.ttf
www.us-coinbase.vip/template/tmp1/font/ 9 KB
9 KB 615ms
615ms Font
application/octet-stream 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/font/iconfont.ttf?t=1642433377844

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/template/tmp1/font/icon.css?v=202201

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

e4b4089a32d0776ad7b904db77aa61339fa0c44056711fd251768216969477cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://www.us-coinbase.vip
Referer: https://www.us-coinbase.vip/template/tmp1/font/icon.css?v=202201

Response headers

strict-transport-security: max-age=31536000
etag: "61e58b9b-2360"
accept-ranges: bytes
content-length: 9056
date: Thu, 02 Jan 2025 02:14:13 GMT
content-type: application/octet-stream
last-modified: Mon, 17 Jan 2022 15:30:35 GMT
server: nginx

GET
H2 200 layer.css
www.us-coinbase.vip/template/tmp1/layerm/need/ 5 KB
2 KB 441ms
440ms Stylesheet
text/css 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/layerm/need/layer.css?2.0

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/template/tmp1/layerm/layerm.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61c723d6-148c"
expires: Thu, 02 Jan 2025 14:14:14 GMT
date: Thu, 02 Jan 2025 02:14:14 GMT
content-type: text/css
last-modified: Sat, 25 Dec 2021 13:59:50 GMT
server: nginx
vary: Accept-Encoding

GET
H2 200 layer.css
www.us-coinbase.vip/template/tmp1/js/theme/default/ 14 KB
3 KB 442ms
440ms Stylesheet
text/css 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/js/theme/default/layer.css?v=3.5.1

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/template/tmp1/js/layer.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=43200
content-encoding: gzip
etag: W/"61c723d6-37bf"
expires: Thu, 02 Jan 2025 14:14:14 GMT
date: Thu, 02 Jan 2025 02:14:14 GMT
content-type: text/css
last-modified: Sat, 25 Dec 2021 13:59:50 GMT
server: nginx
vary: Accept-Encoding

POST
H2 200 ping Show response
www.us-coinbase.vip/index/coinbase/ 0
151 B 438ms
437ms XHR
text/html 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/index/coinbase/ping

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/template/tmp1/js/jquery-1.7.2.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.us-coinbase.vip/index/coinbase/index.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 02 Jan 2025 02:14:14 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: nginx

POST
H2 200 message Show response
www.us-coinbase.vip/index/coinbase/ 105 B
241 B 438ms
436ms XHR
application/json 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/index/coinbase/message?time=1735784054000

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/template/tmp1/js/jquery-1.7.2.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

842d8d02edf7ddf3d9b8fd4180c1a5a80dd373b67b6e97d9093853aed52dd527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.us-coinbase.vip/index/coinbase/index.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 02 Jan 2025 02:14:14 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 favicon.png
www.us-coinbase.vip/template/tmp1/coinbase/ 557 B
762 B 225ms
225ms Other
image/png 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/template/tmp1/coinbase/favicon.png?v=2022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

b90cdcbe9e842bf371d9c5e7dd13359fde26879a4642ad6f752e86a65fab4fb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.us-coinbase.vip/index/coinbase/index.html

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=2592000
etag: "61ee937b-22d"
expires: Sat, 01 Feb 2025 02:14:15 GMT
accept-ranges: bytes
content-length: 557
date: Thu, 02 Jan 2025 02:14:15 GMT
content-type: image/png
last-modified: Mon, 24 Jan 2022 11:54:35 GMT
server: nginx

POST
H2 200 message Show response
www.us-coinbase.vip/index/coinbase/ 105 B
241 B 257ms
255ms XHR
application/json 34.87.6.208
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.us-coinbase.vip/index/coinbase/message?time=1735784057000

Requested by

Host: www.us-coinbase.vip
URL: https://www.us-coinbase.vip/template/tmp1/js/jquery-1.7.2.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.87.6.208 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

208.6.87.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

842d8d02edf7ddf3d9b8fd4180c1a5a80dd373b67b6e97d9093853aed52dd527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.us-coinbase.vip/index/coinbase/index.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
date: Thu, 02 Jan 2025 02:14:17 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images.ctfassets.net
www.us-coinbase.vip
2600:9000:24f4:ea00:12:94b3:c380:93a1
34.87.6.208
126270d27d1ac1a29b8d7d01238377840fe79b70212bd230adc6b2d9da82bf38
197431758d5963e702be80069989b92107a2e47971bddba3c05cdf8e4d87eac9
1faa54526ac7b1181adf588fd842b7dc00708b63bb2a6a87cdcb2a9eaad1602e
2c4d7580f42fdf7acb1f1c83f54f15d6acfe93f3f54a65cc778ebecbd3cec028
3f242fb4cd7ba3bc8a9ff38a006950abb9c78fe114740809855a0f7ed12e0154
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
522541a4fde0cef8ad13dc43d6942d8b6b50eeae78c622e82abe3d10c50a93ad
55de581cc2189bbee29243312d96d3d268f256480abe7538f53c361f43ef2a9a
5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540
6215fbaa5bd78aa2d348537b3f92b05cd2232d8a9ca1aff0c37756f376b8557d
842d8d02edf7ddf3d9b8fd4180c1a5a80dd373b67b6e97d9093853aed52dd527
97bbfbca34d671bf26eaf7c465031cdb8f9bed85a38f050f73aa7c76a27e6710
a0a799fa96b605d3919d8a5c3571e2710eda8752fb42155f034a12ec137cf96b
a97e4941ceb1a7df7bcf5e9631b8d9e8f7b47d7ccb59b5ed3968380465e0e824
b74a196c7eeb55af915516b36b7ef4e22d26032835a682431f2d6110b33d68b0
b90cdcbe9e842bf371d9c5e7dd13359fde26879a4642ad6f752e86a65fab4fb5
df178d935914fb63c2880bd93c76c7cae03e199962799b58cfff6916f60b9e3c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b4089a32d0776ad7b904db77aa61339fa0c44056711fd251768216969477cc
e723656410826f35f579666559699c572a37a6901e14d394468046808e2bd2ba
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

www.us-coinbase.vip Open in urlscan Pro 34.87.6.208 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

4231 kBTransfer

5623 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

www.us-coinbase.vip Open in urlscan Pro
34.87.6.208 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

4231 kB
Transfer

5623 kB
Size

0
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!