Coinbase clone generic

Detects a cloned version of the Coinbase website from the past that uses the same amplitude.js API key as well as the same Google Site Verification keys, they used to use.

References

Recent Detections

None found yet

We've not seen any sites matching this indicator yet. Try scanning a site you think matches this rule:

IOK Rule (edit)

title: Coinbase clone generic
description: |
    Detects a cloned version of the Coinbase website from the past 
    that uses the same `amplitude.js` API key as well as the same 
    Google Site Verification keys, they used to use.
    
references:
  - https://urlscan.io/result/cf711368-757f-4ed2-b45b-47849e93c2c7
  - https://urlscan.io/result/85d74c2c-b751-4f99-8888-c73518b38919

detection:

  googleSiteVerificationKeyOne:
    html|contains: 'R7G5THr8xgaHFkTNkr_RUB0HvX2Nf8e4qnWi0X1kmz8'

  googleSiteVerificationKeyTwo:
    html|contains: '_GaQTkOlc8tLwxDbZfMdxgGPL5wnctrp-vfeavJVsHE'

  amplitudeJSKey:
    js|contains: '132e62b5953ce8d568137d5887b6b7ab'
    
  condition: googleSiteVerificationKeyOne and googleSiteVerificationKeyTwo and amplitudeJSKey