EN ES PT
Back to Stats

Visual Capture

Screenshot of started-extnsn-coinbase.square.site

Detection Info

http://started-extnsn-coinbase.square.site
Detected Brand
Coinbase
Country
International
Confidence
100%
HTTP Status
200
Report ID
aebb2e7b-db3…
Analyzed
2026-01-01 21:15
Final URL (after redirects)
https://started-extnsn-coinbase.square.site/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T165C391D55628438CA04B897DEF2FFE05131FB4AAB95489802A4EC26CD2DF8D6F71752C
CONTENT ssdeep
1536:UyWYCRQ7HLdCzlFsR8MLqc3qFsR8MLqceD0:xCRQ7HBFV1

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
aad52ad5aa55aa54
VISUAL aHash
ffffffffffff0000
VISUAL dHash
4000000000011011
VISUAL wHash
0040000000000000
VISUAL colorHash
07200030000
VISUAL cropResistant
4000000000000000,0000000812111509

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Cryptocurrency phishing targeting Coinbase users
• Target: Coinbase users
• Method: Fake Coinbase interface to steal credentials or seed phrases
• Exfil: Unknown, likely a custom API endpoint
• Indicators: Domain mismatch, free hosting on square.site, obfuscated JavaScript, forms detected, JavaScript form submission
• Risk: HIGH - Immediate risk of cryptocurrency theft

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

🎯 Kit Endpoints

  • https://google.com/recaptcha/admin/migrate

📡 API Calls Detected

  • POST
  • /app/cms/ping
  • HEAD
  • GET
  • https://api.squareup.com/messenger/inbound/external

Scan History for started-extnsn-coinbase.square.site

Found 1 other scan for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.