SafeMode - Analysis: claim-shit.pages.dev

Visual Capture

Detection Info

https://claim-shit.pages.dev/

Detected Brand

Unknown

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

cf1f4957-64f…

Analyzed

2026-06-23 23:40

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1332286E24050B12E159FC6CB8F29576D33AB20FAE9BB0241A7ED878CDBDAC51DD06845
CONTENT ssdeep	192:ccoEx0MIIV40CAAqRZ6hPlMBK6Ie2Nyr2Qz4e40WJAAqRZ6WmXLIlT3qX:z60rRZ6hP8/v20r2p0hRZ6WlT6X

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c7c69c9c91b69c94
VISUAL aHash	7e707060601c1818
VISUAL dHash	f4c0e4ccc8307271
VISUAL wHash	ff7e7870103c183c
VISUAL colorHash	31080007000
VISUAL cropResistant	820b54332b441802,f4c0e4ccc8307271

Code Analysis

Risk Score 65/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 OTP Stealer 🎣 Personal Info

🎯 Kit Endpoints

#blog

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected kit types: OTP Stealer, Personal Info

🔬 Comprehensive Threat Analysis

Threat Type

Two-Factor Authentication Stealer

Target

General public

Attack Method

Phishing webpage

Exfiltration Channel

Unknown

Risk Assessment

HIGH - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

Kit types: OTP Stealer, Personal Info

🏢 Brand Impersonation Analysis

Impersonated Brand

Generic Phishing

Official Website

N/A

Fake Service

Airdrop/claim portal

⚔️ Attack Methodology

Primary Method: Two-Factor Authentication Bypass

Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.