home-nav-coinbase-nav-auth.webflow.io
2606:4700:4400::ac40:9708  Malicious Activity! Public Scan

URL: https://home-nav-coinbase-nav-auth.webflow.io/
Submission: On December 29 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 8 HTTP transactions. The main IP is 2606:4700:4400::ac40:9708, located in United States and belongs to CLOUDFLARENET, US. The main domain is home-nav-coinbase-nav-auth.webflow.io.
TLS certificate: Issued by WE1 on December 11th 2024. Valid for: 3 months.
This is the only time home-nav-coinbase-nav-auth.webflow.io was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coinbase (Crypto Exchange)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         2606:4700:440...  13335  (CLOUDFLAR...)
4         2606:4700::68...  13335  (CLOUDFLAR...)
3         13.33.251.183     16509  (AMAZON-02)
Total: 8 requests, 3 IPs

Requests  Apex Domain        Subdomains                                                Transfer
4         website-files.com  cdn.prod.website-files.com (Cisco Umbrella Rank: 6218)    399 KB
3         cloudfront.net     d3e54v103j8qbb.cloudfront.net                             35 KB
1         webflow.io         home-nav-coinbase-nav-auth.webflow.io                     2 KB
Total: 8 requests, 3 apex domains

Requests  Domain                                 Requested by
4         cdn.prod.website-files.com             home-nav-coinbase-nav-auth.webflow.io
3         d3e54v103j8qbb.cloudfront.net          home-nav-coinbase-nav-auth.webflow.io
1         home-nav-coinbase-nav-auth.webflow.io
Total: 8 requests, 3 domains

This site contains links to these domains.

Domain
webflow.com

Subject                 Issuer               Validity                   Valid
webflow.io              WE1                  2024-12-11 - 2025-03-11    3 months
prod.website-files.com  WE1                  2024-12-19 - 2025-03-19    3 months
*.cloudfront.net        Amazon RSA 2048 M01  2024-07-30 - 2025-07-03    a year

This page contains 1 frame:

Primary Page: https://home-nav-coinbase-nav-auth.webflow.io/
Frame ID: 04DCBBD641D5704D0244E45565DDD464
Requests: 8 HTTP requests in this frame

Page Title: Coinbase Sign In

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 436 kB
Size: 560 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Columns: Resource / Path, Size, x-fer, Type / MIME-Type
Primary Request: /
Path: home-nav-coinbase-nav-auth.webflow.io/
Size: 2 KB
x-fer: 2 KB
Type: Document
General
Full URL: https://home-nav-coinbase-nav-auth.webflow.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:4400::ac40:9708, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: bfa6769b661d789b7862e4aafa810e015c94bb6aae2b9d0e1a2ca0f18fee26e9
Security Headers
Content-Security-Policy: frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com

Resource: home-nav-coinbase-nav-auth.webflow.ce67eee42.css
Path: cdn.prod.website-files.com/674425d83c1c278ddb3d2f54/css/
Size: 35 KB
x-fer: 9 KB
Type: Stylesheet
General
Full URL: https://cdn.prod.website-files.com/674425d83c1c278ddb3d2f54/css/home-nav-coinbase-nav-auth.webflow.ce67eee42.css
Requested by: Host: home-nav-coinbase-nav-auth.webflow.io, URL: https://home-nav-coinbase-nav-auth.webflow.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:a075, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: c219bd77b1a92ccd8e6a3ee098a0bc34a65f56c666660ff934b4638d4ad681f3

Resource: jquery-3.5.1.min.dc5e7f18c8.js
Path: d3e54v103j8qbb.cloudfront.net/js/
Size: 87 KB
x-fer: 30 KB
Type: Script
General
Full URL: https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=674425d83c1c278ddb3d2f54
Requested by: Host: home-nav-coinbase-nav-auth.webflow.io, URL: https://home-nav-coinbase-nav-auth.webflow.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.251.183, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-13-33-251-183.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Resource: webflow.7e939bc70.js
Path: cdn.prod.website-files.com/674425d83c1c278ddb3d2f54/js/
Size: 36 KB
x-fer: 14 KB
Type: Script
General
Full URL: https://cdn.prod.website-files.com/674425d83c1c278ddb3d2f54/js/webflow.7e939bc70.js
Requested by: Host: home-nav-coinbase-nav-auth.webflow.io, URL: https://home-nav-coinbase-nav-auth.webflow.io/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:a075, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: fcf8b8299787278f2b1362b64e8f79ded08975b41be2841dedcd8dec2f5580f8

Resource: webflow-badge-icon-d2.89e12c322e.svg
Path: d3e54v103j8qbb.cloudfront.net/img/
Size: 421 B
x-fer: 846 B
Type: Image
General
Full URL: https://d3e54v103j8qbb.cloudfront.net/img/webflow-badge-icon-d2.89e12c322e.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.251.183, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-13-33-251-183.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00f45354c11a12591485977633a0e03952cdf1ff2de403e10ec846db8cc508a9

Resource: webflow-badge-text-d2.c82cec3b78.svg
Path: d3e54v103j8qbb.cloudfront.net/img/
Size: 10 KB
x-fer: 4 KB
Type: Image
General
Full URL: https://d3e54v103j8qbb.cloudfront.net/img/webflow-badge-text-d2.c82cec3b78.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.251.183, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-13-33-251-183.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3202cb640fada345ab99415bd087f28e6fea1c3009dba51d183cc37bce036cd7

Resource: favicon.ico
Path: cdn.prod.website-files.com/img/
Size: 15 KB
x-fer: 2 KB
Type: Other
General
Full URL: https://cdn.prod.website-files.com/img/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:a075, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 4239819d399860eb27d8a73417f9bd108d45d11676f68b5edaae328ec197d55e

Resource: 6744261cf9905d292834902b_coinbase%20pro.jpeg
Path: cdn.prod.website-files.com/674425d83c1c278ddb3d2f54/
Size: 374 KB
x-fer: 375 KB
Type: Image
General
Full URL: https://cdn.prod.website-files.com/674425d83c1c278ddb3d2f54/6744261cf9905d292834902b_coinbase%20pro.jpeg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:a075, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 84c8f3e18e17648e411a1465b9b93b6398bfd2c549817dddc53b33f88d21faa5


Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coinbase (Crypto Exchange)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function  $
function  jQuery
function  tram
object    Webflow

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com