Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://server.cpanelmanager.com/~eastern1/connect/
Detected Brand
Coinbase
Country
International
Confidence
99%
HTTP Status
200
Report ID
fc3f25aa-a7b…
Analyzed
2026-01-01 01:40
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1227114F09990A73752D687D9EB32B77AF3E24146DF870226A6F883894797D41EC02860 |
|
CONTENT
ssdeep
|
48:nrC34Kgfci/Rk17jXXqOJeOyJ45/eeezwIenA2LK7EI8JUCl6IwR+IAuJV:nrCVg00GAOO45iwve7bCloQuT |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f3e34ec8c848e363 |
|
VISUAL
aHash
|
ffefe7ffffff0000 |
|
VISUAL
dHash
|
234c4d325a1a3010 |
|
VISUAL
wHash
|
bde2e3ebff000000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
2b324d4d321a5a10,0000000000000000,ffdf6b693f3f3f3f,0830342832103008 |
Code Analysis
Threat Level
ALTO
⚠️ Phishing Confirmed
🔬 Threat Analysis Report
• Threat: Cryptocurrency wallet phishing
• Target: Coinbase users
• Method: Fake page to connect crypto wallets, likely leading to theft
• Exfil: Unknown, likely direct wallet compromise
• Indicators: Domain mismatch (server.cpanelmanager.com vs. coinbase.com), wallet connection prompt
• Risk: CRITICAL - Potential for immediate cryptocurrency theft
📡 API Calls Detected
- meta.html
- connect.html
- cn.html
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for server.cpanelmanager.com
Found 5 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.