Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://8193webauthenticationsign-appdashboard24h.crabdance.com/gigx?c_ds_na=AHjwcf9N4KYXCoxfoAD7yqcjY9PHe3ty0BecM0FMlu&c_ds_no=%2A%2F%2A
Detected Brand
Coinbase
Country
International
Confidence
100%
HTTP Status
N/A
Report ID
b9b009db-399…
Analyzed
2026-03-04 09:05
Final URL (after redirects)
https://8193webauthenticationsign-app.duia.ro/gigx?c_ds_na=aQsWRsDsZwLPuLuUxokSicAf1YX8TWRFEZBoE7iXrP&c_ds_no=text%2Fhtml%2Capplication%2Fxhtml%2Bxml%2Capplication%2Fxml%3Bq%3D0.9%2Cimage%2Favif%2Cimage%2Fwebp%2Cimage%2Fapng%2C%2A%2F%2A%3Bq%3D0.8%2Capplication%2Fsigned-exchange%3Bv%3Db3%3Bq%3D0.7
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19AC2B7B4D3526C7A3547C7E062B1575E3288D004CB950AD897A153A26BCFDEDC4BEDE0 |
|
CONTENT
ssdeep
|
384:FuTsuRev9seRGIq5noe4r0cTvdTgevmJwbKAJOja1JsMqziv1UEFrxeJYOJm:Fu4kemeRE+eS0JiSq0Qt3eJYUm |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f3b24d9848d46676 |
|
VISUAL
aHash
|
fee7e7e7e7ffff00 |
|
VISUAL
dHash
|
880c4d0c0c0c0016 |
|
VISUAL
wHash
|
242724242727fe00 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
880c4d0c0c0c0016 |
Análisis de Código
Risk Score
100/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de Coinbase
• Método: Suplantación de identidad a través de una página de inicio de sesión falsa
• Exfil: Desconocido (probablemente correo electrónico y contraseña)
• Indicadores: Coincidencia de dominio, formulario presente
• Riesgo: ALTO
🔒 Obfuscation Detected
- base64_strings
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain does not belong to the official Coinbase website.
Impersonation
The page attempts to impersonate the Coinbase login page.
Forms Present
The page includes an email entry form, which collects sensitive user information.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Two-Factor Authentication Stealer
Objetivo
Coinbase users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer
- 1 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Coinbase
Official Website
https://www.coinbase.com
Fake Service
Coinbase login
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker aims to steal the user's Coinbase login credentials (email and password) by presenting a fake login form that mimics the original.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
8193webauthenticationsign-appdashboard24h.crabdance.com
Registered
2005-11-22
Registrar
None
Status
Inactive
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Coinbase
https://webauthenticationsign-appdashboard19h.crabdance.com/...
Mar 31, 2026
Coinbase
https://8193webauthenticationsign-appdashboard24h.crabdance....
Mar 04, 2026
Coinbase
http://conbase-webappsyslog-dashboardsignhelp.duia.ro/
Ene 17, 2026
Coinbase
https://conbase-webappauthhelp-signdashboard.duia.ro/?bar9lo...
Ene 14, 2026
Coinbase
https://conbase-webappauthhelp-signdashboard.duia.ro/
Ene 14, 2026
Scan History for 8193webauthenticationsign-appdashboard24h.crabdance.com
Found 1 other scan for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.