EN ES PT
Back to Stats

Visual Capture

Screenshot of rexodus.pages.dev

Detection Info

https://rexodus.pages.dev
Detected Brand
Ethereum
Country
International
Confidence
95%
HTTP Status
200
Report ID
dec67aa5-0ac…
Analyzed
2026-01-19 11:28
Final URL (after redirects)
https://rexodus.pages.dev/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T18E21FD708013EC77A0B2E2E187B993AF22D0C755D94713269BF9936C0ECAD88ED56152
CONTENT ssdeep
12:nwMy7FUQkpuG6BlzFMh6EW8qS9SPQKMxdjthJbFCbjUZl1chgzym7+1g7sVsb8af:n/CsOBwh6E1q0V7jtDFCbWWmRoauc

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9999e6cc1933b38c
VISUAL aHash
3c3c3c18183c3c3c
VISUAL dHash
f0f0f0f0f0f0f0f0
VISUAL wHash
7e3c3c3c183c3c3c
VISUAL colorHash
18007000000
VISUAL cropResistant
f0f0f0f0f0f0f0f0

Code Analysis

Threat Level ALTO
⚠️ Phishing Confirmed

🔬 Threat Analysis Report

• Threat: Cryptocurrency wallet phishing
• Target: Ethereum users
• Method: Fake financial dashboard mimicking a wallet
• Exfil: Unknown, likely collects login or transaction data
• Indicators: Free hosting, no official domain, financial interface
• Risk: HIGH - Potential for unauthorized access to funds

🎯 Kit Endpoints

  • ${t.adminUrl}?act=matched_segments_visualization&full_id=${t.fullId}
  • ${t.adminUrl}?act=audio&raw_id=${t.fullId}
  • /login
  • /login?m=7

⚔️ Attack Methodology

Primary Method: SEO Poisoning Landing Page

Fake Ethereum page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.

Secondary Method: Brand Impersonation

Uses stolen Ethereum branding elements and design to appear legitimate and build victim trust.

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.