SafeMode - Analysis: rhinomadeusainc.shop

Visual Capture

Detection Info

https://rhinomadeusainc.shop/index.php/campaigns/xg327p5nl2403/web-version/qo296m6m8y90c

Detected Brand

USPS

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

7376d211-c61…

Analyzed

2026-06-27 10:14

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1D2620211C340268F857E80A2F1316DD7AF840FCED723096CD7D5532EA4DF86A5B0A79A
CONTENT ssdeep	192:9Bfqv/Cw5xaehF6sWMz+vG00hF6sWTv7vtcV7o3V4WaehF6sWjz+vNgxZ+zJAmzL:SvvW+Dq4BigiAwuOsXE/

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b364ce9999336466
VISUAL aHash	e7e7c3c7efefe7e7
VISUAL dHash	484c445c4c18484c
VISUAL wHash	e4c0c0c0e4c4e4e4
VISUAL colorHash	070000000c3
VISUAL cropResistant	484c445c4c18484c,4023c4d8c8234000

Code Analysis

Risk Score 3/100

Threat Level ALTO

⚠️ Phishing Confirmed

🔒 Obfuscation Detected

unescape

📡 API Calls Detected

POST

📊 Risk Score Breakdown

Total Risk Score

40/100

Contributing Factors

Code Obfuscation

JavaScript code obfuscated using 2 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type

USPS Phishing Landing Page

Target

USPS users

Attack Method

obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

USPS

Official Website

N/A

Fake Service

Token swap/DEX platform

⚔️ Attack Methodology

Primary Method: Search Engine Manipulation

Fake USPS site positioned to capture victims through SEO tactics, typosquatting, or paid advertising. Serves as entry point for multi-stage attacks including credential theft and malware distribution.