Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://tarasyncora.com/
Detected Brand
WalletConnect (impersonated)
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
d05923a8-260โฆ
Analyzed
2026-05-31 22:12
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17FC3627A5281097E50D383E1A1B1973DF2F5E794EF07468BA3B8C34A2B87C65CE56324 |
|
CONTENT
ssdeep
|
768:0KkvQ2GdRSxkZeR2LEX3Jxv81ZkixH14vd7SmqInUtzskcnnkipZELk+CuqC5C3U:0qZGv+C5RVZkoI+kN |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c0c23f2de1d39b8c |
|
VISUAL
aHash
|
007c7e7e7a180000 |
|
VISUAL
dHash
|
13d4f4c4b0337088 |
|
VISUAL
wHash
|
ff7e7e7e18181800 |
|
VISUAL
colorHash
|
38000200030 |
|
VISUAL
cropResistant
|
b6164f286d092a4d,13d4f4c4b0337088 |
Code Analysis
Risk Score
88/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Banking
๐ Credential Harvesting Forms
๐ Obfuscation Detected
- unescape
๐ก API Calls Detected
- POST
๐ค Form Action Targets
- https://formsubmit.co/[email protected]
๐ Risk Score Breakdown
Total Risk Score
88/100
Contributing Factors
Active Phishing Kit
Detected kit types: Banking
Credential Harvesting
Credential harvesting detected with 3 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 2 technique(s) to evade detection
๐ฌ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
WalletConnect (impersonated) users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend
โ ๏ธ Indicators of Compromise
- Kit types: Banking
- 2 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
WalletConnect (impersonated)
Official Website
N/A
Fake Service
Banking/payment service
โ๏ธ Attack Methodology
Primary Method: Banking Credential Theft
Victim enters banking credentials including account numbers and security questions. Attacker gains full access to victim's banking services.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
๐ Infrastructure Indicators of Compromise
Domain Information
Domain
tarasyncora.com
Registered
2026-05-25 20:35:48+00:00
Registrar
NICENIC INTERNATIONAL GROUP CO., LIMITED
Status
Recently registered (6 days old)
Hosting Information
Provider
NICENIC INTERNATIONAL GROUP CO., LIMITED
ASN
๐ค AI-Extracted Threat Intelligence
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.