SafeMode - Analysis: pageslearn.ghost.io

Visual Capture

Detection Info

https://pageslearn.ghost.io/

Detected Brand

Trust Wallet

Country

International

Confidence

100%

HTTP Status

200

Report ID

a23d4c18-5c3…

Analyzed

2026-01-02 15:05

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T13072447252442A3EC22343CAAFD77394F3F24185E99D0DE5D2FCD2791283DA5D236A98
CONTENT ssdeep	384:VBElAeODd9jArDTm+7zKBR4iMEmJ090BCjvjAG:VBrhJAnTm+7eRrMBJ+0BwbAG

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	880af3f3e2c8ccda
VISUAL aHash	ff000000ffffffff
VISUAL dHash	69fff3f38f189e1e
VISUAL wHash	050000003fffffff
VISUAL colorHash	06000280030
VISUAL cropResistant	01480169499100ff,ae80897971c980ae,22001e36201e2600,fffff3fbb3f3cfff

Code Analysis

Risk Score 78/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Crypto wallet phishing attack
• Target: Trust Wallet users
• Method: Imitates the Trust Wallet website to steal user information through a fake subscription form.
• Exfil: Unknown where the stolen data is sent.
• Indicators: Domain mismatch, brand impersonation, subscription form.
• Risk: HIGH - Users could be tricked into providing personal information.

🔒 Obfuscation Detected

fromCharCode

🎯 Kit Endpoints

https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&osid=1&continue=https://docs.google.com/drawings/d/1krYi3B-05hb2j2k6Lc0tXUw43KlkzYnOmysS2YQEOiw/edit&followup=https://docs.google.com/drawings/d/1krYi3B-05hb2j2k6Lc0tXUw43KlkzYnOmysS2YQEOiw/edit&ltmpl=drawings&ec=GAZAGQ