A Coinbase Phishing Kit that has a hCaptcha verification screen to avoid analysis. This looks for the site key that is common across multiple examples.
title: Coinbase Phishing Kit 5d238ea1
description: |
A Coinbase Phishing Kit that has a hCaptcha verification screen to avoid analysis.
This looks for the site key that is common across multiple examples.
references:
- https://urlscan.io/result/5d238ea1-067a-4f4c-9c0c-6d136e4abfaf/
- https://urlscan.io/result/424ee501-b38a-4cde-b38d-858a86ed6338/
- https://urlscan.io/result/e1dfddca-a158-4f13-adfe-c81afa859e17/
- https://urlscan.io/result/51f73a1a-e5d4-498d-9680-f581f93f3580/
- https://urlscan.io/result/b2285f72-0dee-49d8-a317-4956ccb7e294/
detection:
pageTitle:
title: "Just a moment..."
siteKey:
html|contains: "data-sitekey=\"46dbc5a3-faed-46df-975d-223473f5a9bc\""
condition: pageTitle and siteKey
tags:
- kit
- target.coinbase