wallet.coinbase.com.142-4-0-129.cprapid.com
142.4.0.129
Malicious Activity!
Public Scan
Effective URL: https://wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/Wallet.html
Submission Tags: @ecarlesi possiblethreat phishing metamask
Submission: On December 03 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by R11 on December 3rd 2024. Valid for: 3 months.
This is the only time wallet.coinbase.com.142-4-0-129.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Coinbase (Crypto Exchange)
Domain & IP information

| Requests | IP Address | AS (Autonomous System) | PTR | Domains served |
|---|---|---|---|---|
| 13 (2 redirects) | 142.4.0.129 | ASN46606 (UNIFIEDLAYER-AS-1, US) | 142-4-0-129.unifiedlayer.com | wallet.coinbase.com.142-4-0-129.cprapid.com |
| 1 | 142.250.184.234 | ASN15169 (GOOGLE, US) | fra24s12-in-f10.1e100.net | fonts.googleapis.com |
| 4 | 142.250.185.195 | ASN15169 (GOOGLE, US) | fra16s52-in-f3.1e100.net | fonts.gstatic.com |
| 16 | 4 | | | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | cprapid.com | wallet.coinbase.com.142-4-0-129.cprapid.com (2 redirects) | 378 KB |
| 4 | gstatic.com | fonts.gstatic.com | 33 KB |
| 1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 29) | 781 B |
| 16 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 13 | wallet.coinbase.com.142-4-0-129.cprapid.com (2 redirects) | wallet.coinbase.com.142-4-0-129.cprapid.com |
| 4 | fonts.gstatic.com | wallet.coinbase.com.142-4-0-129.cprapid.com, fonts.googleapis.com |
| 1 | fonts.googleapis.com | wallet.coinbase.com.142-4-0-129.cprapid.com |
| 16 | 3 | |
This site contains links to these domains:

| Domain |
|---|
| metamask.github.io |
| metamask.io |
| github.com |
| gitcoin.co |
| shop.spreadshirt.com |
| metamask.zendesk.com |
| twitter.com |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| mail.wallet.coinbase.com.142-4-0-129.cprapid.com | R11 | 2024-12-03 - 2025-03-03 | 3 months | crt.sh |
| upload.video.google.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months | crt.sh |
| *.gstatic.com | WR2 | 2024-10-21 - 2025-01-13 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/Wallet.html
Frame ID: 3F05376C6A77BFF667FA995E6B606994
Requests: 17 HTTP requests in this frame
Page Title: Coinbase Wallet
Page URL History
- https://wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/ (HTTP 302)
- https://wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/ (HTTP 302)
- https://wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/Wallet.html (Page URL)
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- Documentation
- Coinbase Institutional
- GitHub
- Gitcoin
- Swag Shop
- Press & Partnerships
- Twitter
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
|---|---|---|---|---|---|---|---|---|
| GET | H/1.1 | Wallet.html | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/ | 11 KB | 11 KB | Document | text/html | Primary Request; Redirect Chain |
| GET | H/1.1 | normalize.css | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 8 KB | 8 KB | Stylesheet | text/css | |
| GET | H/1.1 | webflow.css | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 42 KB | 42 KB | Stylesheet | text/css | |
| GET | H/1.1 | metamask-staging-2.webflow.css | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 138 KB | 138 KB | Stylesheet | text/css | |
| GET | H/1.1 | webfont.js | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 13 KB | 13 KB | Script | application/javascript | |
| GET | H/1.1 | main.js | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 87 KB | 88 KB | Script | application/javascript | |
| GET | H/1.1 | tags.js | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 21 KB | 21 KB | Script | application/javascript | |
| GET | H/1.1 | css | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 752 B | 969 B | Stylesheet | text/plain | |
| GET | H/1.1 | mms.svg | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 4 KB | 4 KB | Image | image/svg+xml | |
| GET | H2 | css | fonts.googleapis.com/ | 784 B | 781 B | Stylesheet | text/css | |
| GET | DATA | truncated | / | 2 KB | 2 KB | Font | application/x-font-ttf | |
| GET | H/1.1 | EuclidCircularB-Regular-WebXL.woff2 | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 44 KB | 44 KB | Font | font/woff2 | |
| GET | H2 | xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 | fonts.gstatic.com/s/changaone/v18/ | 8 KB | 8 KB | Font | font/woff2 | |
| GET | H2 | xfu00W3wXn3QLUJXhzq42AHiuQ.woff2 | fonts.gstatic.com/s/changaone/v20/ | 8 KB | 8 KB | Font | font/woff2 | |
| GET | H2 | xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 | fonts.gstatic.com/s/changaone/v18/ | 8 KB | 8 KB | Font | font/woff2 | |
| GET | H2 | xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2 | fonts.gstatic.com/s/changaone/v20/ | 8 KB | 8 KB | Font | font/woff2 | |
| GET | H/1.1 | favicon.ico | wallet.coinbase.com.142-4-0-129.cprapid.com/Metamask/8609db3/style/ | 6 KB | 6 KB | Other | image/x-icon | |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Coinbase (Crypto Exchange)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | WebFont |
| function | $ |
| function | jQuery |

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
wallet.coinbase.com.142-4-0-129.cprapid.com
142.250.184.234
142.250.185.195
142.4.0.129