EN ES PT
Back to Stats

Visual Capture

Screenshot of blockchainloginus.webflow.io

Detection Info

http://blockchainloginus.webflow.io/
Detected Brand
Blockchain.com
Country
International
Confidence
100%
HTTP Status
200
Report ID
1e1336f7-0de…
Analyzed
2026-02-18 01:28
Final URL (after redirects)
https://blockchainloginus.webflow.io/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1C25112E3628765643B32C4F4CE56B1CCD482447DCE50A88CE8D8C19E97D9ACEA91245F
CONTENT ssdeep
48:q32l4JEYEgcFrOKnRlvMyK5Nx/u+yR+ckzDOyR+hlyR+tyR+X1yR+KHPgGBu531p:q32wEgchOKnHPK57WhwcQRwhIwwwX4wb

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
830bfcd435b5d505
VISUAL aHash
0000000007ffffff
VISUAL dHash
9e73f3efcce01640
VISUAL wHash
000000033fffffff
VISUAL colorHash
0b000600048
VISUAL cropResistant
cfefdce412961600,ce3f73f3f7efcfec

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Banking 🎣 Personal Info

πŸ”¬ Threat Analysis Report

β€’ Threat: Phishing
β€’ Target: Blockchain.com users
β€’ Method: Impersonation through a look-alike login page.
β€’ Exfil: Data entered into the forms.
β€’ Indicators: Free hosting, brand logo present, obfuscation.
β€’ Risk: High

πŸ”’ Obfuscation Detected

  • atob
  • fromCharCode
  • base64_strings

🎯 Kit Endpoints

  • https://blockchainloginus.webflow.io/

πŸ“‘ API Calls Detected

  • https://www.google.com/ccm/geo
  • POST

πŸ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site is hosted on a free hosting provider, a common indicator of phishing.
Brand Impersonation
The site attempts to mimic the legitimate Blockchain.com website.
Obfuscation Detected
The presence of obfuscated JavaScript code suggests an attempt to hide malicious functionality.

πŸ”¬ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Blockchain.com users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Banking, Personal Info
  • 34 obfuscation techniques

🏒 Brand Impersonation Analysis

Impersonated Brand
Blockchain.com
Official Website
blockchain.com
Fake Service
Login Portal

βš”οΈ Attack Methodology

Primary Method: Credential Harvesting

The phishing site is designed to steal user credentials by mimicking the legitimate Blockchain.com login page. Victims are tricked into entering their login details, which are then harvested by the attacker.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
blockchainloginus.webflow.io
Registered
None
Registrar
None
Status
None

πŸ€– AI-Extracted Threat Intelligence

Scan History for blockchainloginus.webflow.io

Found 1 other scan for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.