SafeMode - Analysis: rhinomadeusainc.shop

Visual Capture

Detection Info

https://rhinomadeusainc.shop/index.php/campaigns/at92141hxec2a/web-version/ge292ktpn9b7f

Detected Brand

USPS

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

b6811ffd-b23…

Analyzed

2026-06-09 10:10

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T13762E011C380268F85BE8092F1316DC76B840FDED727096CE7D1972EA4DB47A5B0A79A
CONTENT ssdeep	192:9BfqV/Cw5xaehF6sWMz+vG330hF6sWTv7vtcV7o3V30WaehF6sWjz+vN3Gx3H+zm:SVvW+gqkBi6oAwuSsXVd

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b326ce9999336466
VISUAL aHash	e7e7c3c7efefe7e7
VISUAL dHash	484c445c4c18484c
VISUAL wHash	2703030327072727
VISUAL colorHash	070000000c3
VISUAL cropResistant	484c445c4c18484c,4023c4d8c8234000

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

USPS Phishing Landing Page

Target

USPS users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

USPS

Official Website

N/A

Fake Service

Token swap/DEX platform

⚔️ Attack Methodology

Primary Method: Malicious Landing Page

Uses USPS branding to appear legitimate in search results, social media, or advertising networks. Designed to redirect victims to phishing pages or distribute malware while maintaining appearance of authenticity.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.