Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
http://ethereum.attorney
Detected Brand
Ethereum
Country
International
Confidence
100%
HTTP Status
200
Report ID
d12e7205-7f8โฆ
Analyzed
2026-03-11 17:15
Final URL (after redirects)
https://ethereum.org/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T104545CE49200677F289343DFF624F765D32E2259F36A8C10F2AC9615B2CAE96D1375C8 |
|
CONTENT
ssdeep
|
1536:NGY5liXsvXsepzmpzb1lXsX6cyBlzI7xQ1yizQts880zjzPa8bU1RSs02ObI/i3U:NVIXsvXsBXsEod2OMdW5uGOt |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ef6bc4a41d1b9292 |
|
VISUAL
aHash
|
db818101e7e7ffff |
|
VISUAL
dHash
|
332369734d0c7150 |
|
VISUAL
wHash
|
89810000a7e7ffff |
|
VISUAL
colorHash
|
07006200008 |
|
VISUAL
cropResistant
|
332369734d0c7150 |
Code Analysis
Risk Score
100/100
Threat Level
BAJO
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฃ Banking
๐ฃ Personal Info
๐ฌ Threat Analysis Report
โข Threat: None (Legitimate Website)
โข Target: Ethereum users
โข Method: N/A
โข Exfil: N/A
โข Indicators: Legitimate branding, design.
โข Risk: Low
๐ Obfuscation Detected
- atob
- fromCharCode
- unescape
- unicode_escape
- base64_strings
๐ฏ Kit Endpoints
- https://blog.ethereum.org
- https://blog.ethereum.org/en/2026/02/27/project-odin
- https://soliditylang.org///blog/2026/02/18/transient-storage-clearing-helper-collision-bug
- https://geodework.com/blog/local-ethereum-13
- https://blog.ethereum.org/
- https://geodework.com/og?title=Geode%20Labs%20Blog
- https://0xparc.org/blog
- https://devcon.org/en/blogs/
๐ก API Calls Detected
- https://ingesteer.services-prod.nsvcs.net/rum_collection
- https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd&include_24hr_change=true
- https://twitter.com/intent/tweet?text=
- https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd
- POST
๐ Risk Score Breakdown
Total Risk Score
20/100
Contributing Factors
Domain mismatch
The domain doesn't match the expected official domain, but the content *does*.
Content Authenticity
The site looks like the official Ethereum website with matching elements.
๐ฌ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Ethereum users (International)
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
CRITICAL - Automated credential harvesting with Unknown
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
- 18 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
Ethereum
Official Website
ethereum.org
โ๏ธ Attack Methodology
Primary Method: Unknown
The site appears to be the legitimate Ethereum site, but the domain is unusual. Requires further investigation.
Target Blockchain
Ethereum
๐ Infrastructure Indicators of Compromise
Domain Information
Domain
ethereum.attorney
Registered
None
Registrar
None
Status
None
๐ค AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.