ScanMalware.com

Security Scan Report: hines.ctm.coupahost.com

Redirected to:
https://hines.ctm.coupahost.com/system/portal.asp
Site favicon
Submitted: May 10, 2026, 5:21:11 PMCompleted: May 10, 2026, 5:22:37 PMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 13 HTTP transactions. The main domain is hines.ctm.coupahost.com and was registered NaN years ago.

Submitted URL: https://hines.ctm.coupahost.com

Effective URL: https://hines.ctm.coupahost.com/system/portal.aspRedirected

The Cisco Umbrella rank of the primary domain is #18,321 of the top 1 million websites

AI Security Verdict

Moderate Risk

Confidence: 88%

5
Risk Score

The site impersonates Coupa Treasury and harvests passwords without usernames, posing a high‑risk phishing threat.

Risk Factors
Brand impersonation of Coupa
Credential harvesting form (password‑only fields)
Untrusted hosting subdomain (coupahost.com)
Moderate domain reputation (rank >10 K)
Absence of legitimate brand verification
Safety Factors
Domain is well‑established (19+ years old)
No malicious Indicators of Compromise detected
No JavaScript malware patterns or network IDS alerts
Low JavaScript obfuscation score
Established domain (6911 days old) with no strong malicious indicators — risk clamped from 8 to 5
Domain age information unavailable

Details

Page Title

Coupa Treasury

Scan Type

public

Language

🇺🇸

English

(52% confidence)

Category

cryptocurrency blockchain

(71%)

Domain Information

The domain name 'hines.ctm.coupahost.com' uses the commercial generic top-level domain (.com) with subdomain 'hines.ctm'. The registrable portion 'coupahost' spans 9 characters split between 4 vowels and 5 consonants. It segments into three words: coup, a, host. Expect 4 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://hines.ctm.coupahost.com

Page Load Overview

1.58s
Total Load Time
16
HTTP Requests
1
Domains
213 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:52%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:52%
Script Type:Latin
Text Length:212 chars
Detector Agreement:100%

Website Classification

Primary Category

cryptocurrency blockchain71% confidence
Type: static
Method: ml+structural

All Detected Categories

cryptocurrency blockchain
71%
finance banking
68%
technology software
62%
government public service
60%
adult content
36%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
1644.221.21.205Ashburn, Virginia, United States
AS14618Amazon.com, Inc.
161--

Detected Technologies2

PasswordField
100%
HSTS
40%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1BEF1560CF5E06775749206A0F9513E931DD0E0BBE3114988B42E3BBB7F88BEAA52755C

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

96:qyL6aeIdjPI5xL+DcKWYHVg7k8+r8pPPNcD7o0K8K5/iAb2cuCD1Rb8nCviyzpyH:qyuahFdyUvaXyIPPWsJMCqyNXGo9yIA

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:7925:SC0HRIiV3wFhqxdKA1AEQAFEaFJAdBABWhECBAEIiAkRTIICQjgAAIJADIKIsGUMnnSQwAgcKoBaTqgQK78TwgQjQIRwDKBC

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00003c3c3c3c0000
Perceptual Hash:8c3133c6ce3199cf
Difference Hash:0105717171710501
Wavelet Hash:01013d3d3d3d0101
Color Hash:#493a78

Other Hashes

Crop Resistant:5b5b5b5b5b5b5b5b,82e0f8c3a2a282ae,0004717171710400

Scan History

Scan history not available

Unable to load historical scan data