Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T142F2096193106F7EE026C368F762B2E56319B264E607CA9492FD43E159CACC9E737CD0 |
|
CONTENT
ssdeep
|
384:VJMYrlPAVa8w5Oid5z4bA9KToq5+r7IzgAE4VxIZk9JV9ABCOnk8liU+/I:VNI/2+GS+r7mg74VxD9JYBC2DUg |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccc333399cc6633 |
|
VISUAL
aHash
|
0000181818180000 |
|
VISUAL
dHash
|
0010303030300000 |
|
VISUAL
wHash
|
8498bcbcbcbcfb00 |
|
VISUAL
colorHash
|
38000000000 |
|
VISUAL
cropResistant
|
0010303030300000 |
• Threat: Crypto Wallet Drainer/Credential Theft
• Target: MegaETH Users
• Method: Obfuscated JS landing page
• Exfil: JavaScript-based hooking
• Indicators: Obfuscated code, recent domain
• Risk: Critical
The site uses obfuscated JavaScript to trigger a malicious connection prompt upon clicking 'Get Started'.
Uses official branding to establish false trust.
Pages with identical visual appearance (based on perceptual hash)