SafeMode - Analysis: d3f.8-htx.com

Visual Capture

Detection Info

https://d3f.8-htx.com/

Detected Brand

Bybit

Country

Unknown

Confidence

95%

HTTP Status

200

Report ID

d5b8a6a7-d99…

Analyzed

2026-06-03 16:10

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11BE186BB2180ACBB05B3D2DBE769A36932EAC252C5375F00B6FA0B4D9BC0D85DD45117
CONTENT ssdeep	192:VjeUlCSDpzpYpC7pyH6pRx5spw5npNpQLjbyFwSp/1:VCHg9wClCyRx2wfNpwjbyFv/1

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	ed6d1292126d6d6c
VISUAL aHash	00dbd191dfffffff
VISUAL dHash	6c3333333c0e0c23
VISUAL wHash	008181809effe7ff
VISUAL colorHash	07001200048
VISUAL cropResistant	2d3333333c0e0c23,401ac4c4c4c41a40,65428192828e8983

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

Bybit Phishing Landing Page

Target

Bybit users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Bybit

Official Website

N/A

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Brand Impersonation Redirect

Impersonates Bybit to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.