Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content

| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T19E23B433D295CA720D8746CCF2D0E718269A834BBB3215CDB7D092BBA78DDE5942538C |
| CONTENT ssdeep | 768:R36CufFQcNcKcPcRc+cJZO4DifSpO9lFW60i4zcAIXyob13Rb4FW62iyLJcAIQ+v:B968pOlFW+dBOFWBOnAR70 |

Used to detect visually similar phishing pages based on screenshots

| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | c81ea3709fa07e63 |
| VISUAL aHash | 0000001818c1e37e |
| VISUAL dHash | 960915b2311796d0 |
| VISUAL wHash | 5a00183898c3ffff |
| VISUAL colorHash | 31000000000 |
| VISUAL cropResistant | 960915b2311796d0 |

• Threat: Crypto Drainer Phishing
• Target: Bulk Network Users
• Method: Reward claim incentive leading to wallet drainer
• Exfil: Obfuscated JS exfiltration to external C2
• Indicators: 'Claim Rewards' button, JS obfuscation
• Risk: High
The site prompts users to connect their Web3 wallet (e.g., MetaMask) to claim rewards, subsequently triggering a malicious transaction request.
Uses deceptive UI to mimic official project branding and capture user trust.