Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://mathkaynsgvsjbhiabhsbu.github.io/Metamask-phish/
Detected Brand
MetaMask
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
2048c408-34c…
Analyzed
2026-06-19 10:14
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1792123A13256AC3692E3C39C61A2C72B37918991CF4727112AED93DC6DF6F40CD231D0 |
|
CONTENT
ssdeep
|
24:hR/OupSrPXC5baPXmr66KPtZGBN9D0G1N9ulcvpmx2VTFm:TGupoPXCxqGx5BHd1HOgpmx2lFm |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc6633993333cccc |
|
VISUAL
aHash
|
0010181818180000 |
|
VISUAL
dHash
|
08303232b2b20c00 |
|
VISUAL
wHash
|
0018181818181800 |
|
VISUAL
colorHash
|
38200030000 |
|
VISUAL
cropResistant
|
0000527979680420,08303232b2b20c00 |
Code Analysis
Risk Score
20/100
Threat Level
ALTO
⚠️ Phishing Confirmed
Discord Webhook
📊 Risk Score Breakdown
Total Risk Score
70/100
Contributing Factors
Discord Exfiltration
Data exfiltration via Discord webhooks (1 webhook(s) exposed)
🔬 Comprehensive Threat Analysis
Threat Type
Data Exfiltration Campaign
Target
MetaMask users
Attack Method
Phishing webpage
Exfiltration Channel
Discord Webhooks (1 detected)
Risk Assessment
LOW - Automated credential harvesting with Discord Webhooks (1 detected)
⚠️ Indicators of Compromise
- 1 Discord webhook(s)
🏢 Brand Impersonation Analysis
Impersonated Brand
MetaMask
Official Website
https://metamask.io
Fake Service
Credential harvesting service
⚔️ Attack Methodology
Primary Method: Search Engine Manipulation
Fake MetaMask site positioned to capture victims through SEO tactics, typosquatting, or paid advertising. Serves as entry point for multi-stage attacks including credential theft and malware distribution.
Secondary Method: Standard Phishing Techniques
Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
mathkaynsgvsjbhiabhsbu.github.io
Registered
Unknown
Registrar
Unknown
Status
Hosting platform (subdomain)
Hosting Information
Provider
Unknown
ASN
🤖 AI-Extracted Threat Intelligence
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.