IOC Radar
Domain · Medium · Signal 0/100

coinbase.com

Location
United Kingdom
First Seen
Mar 4, 2025 (473d ago)
Last Seen
Jun 7, 2026 (13d ago)
1
Reports
source reports
0%
Confidence
medium
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Feed Intelligence Summary

1 report · 0% confidence
Category tags
indicator, network, researched

Activity Timeline

1 total obs
Jun 7

Threat Activity Heatmap

Peak: 2026-06-07
[Heatmap: observations per day, rows Mon/Wed/Fri, columns Jun through Jun, scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC) pertains to coinbase.com, a legitimate and widely recognized financial service domain, which has been explicitly marked as whitelisted within threat intelligence feeds. The assigned threat score for this IOC is a negligible 0.0, clearly indicating that it does not represent an immediate or direct threat to the organization's security posture. Its presence in security logs should be understood as routine network activity rather than a sign of compromise or malic…

Threat Score
Low Risk
Signal Score
0
Confidence
0%
Reports
1
First seen
Mar 4, 2025
Last seen
Jun 7, 2026

VirusTotal

Not checked

WHOIS

registrar
MarkMonitor Inc.
domain rank
1381
raw
Domain Name: coinbase.com
Registry Domain ID: 1664948272_DOMAIN_COM-VRSN
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar URL: http://www.markmonitor.com
Registrar WHOIS Server: whois.markmonitor.com
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2086851750
Creation Date: 2011-07-02T18:23:22Z
Updated Date: 2024-06-01T10:33:39Z
Registry Expiry Date: 2026-07-02T18:23:22Z
Registrar Registration Expiration Date: 2026-07-02T00:00:00+0000
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Name Server: sam.ns.cloudflare.com
Name Server: sue.ns.cloudflare.com
DNSSEC: unsigned
Registrant Organization: 61f27e156d65e5bb
Registrant Country: US
Registrant Email: 63d92f8f3d1bf457s@
subdomains count
541

IOC Journey

medium
First detected 1 year ago · Last seen 13 days ago
Appeared in 1 threat report