Visual Capture

Screenshot of 2piwallet.com

Detection Info

https://2piwallet.com/
Detected Brand
2piwallet
Country
International
Confidence
95%
HTTP Status
200
Report ID
df46ada9-3c5…
Analyzed
2026-06-25 23:29

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T161A25570A188FA3341A7C2E7A63583AF76D0C785CB5B0B5143F9C32D5BD6EA5CD1128A
CONTENT ssdeep
384:NPIIrl3RAglrj0JZQHZwGzQP5MRG4U+jTLYUKsI8R7mfMwAXYrGVzpdam9KC65U/:pII5X5j2Ko9fMwAXhwiFOf6

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9e9b312c2c939bcc
VISUAL aHash
01003cbc10180000
VISUAL dHash
1b22697927717804
VISUAL wHash
8f00fcff993d3c00
VISUAL colorHash
38000038400
VISUAL cropResistant
545f99e4a43b3b63,1b22697927717804

Code Analysis

Risk Score 56/100
Threat Level HIGH
⚠️ Phishing Confirmed
🎣 Banking

🔬 Threat Analysis Report

• Threat: Phishing/Crypto-Drainer
• Target: Cryptocurrency users
• Method: Impersonation of a legitimate-looking crypto wallet service
• Exfil: JavaScript-based wallet interaction or malware download
• Indicators: Recent domain, obfuscated code
• Risk: High

🔒 Obfuscation Detected

  • fromCharCode
  • unescape

📡 API Calls Detected

  • POST

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Age
Domain is only 23 days old.
Obfuscated Code
Detected fromCharCode and unescape patterns.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
2piwallet users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting via form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Banking
  • 3 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
2piwallet
Fake Service
Crypto Wallet Service

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Wallet Drainer

The site prompts users to download an app or sign transactions that likely contain malicious drainer code designed to empty cryptocurrency wallets.

Secondary Method: Credential Harvesting

Uses professional-looking landing pages to establish false trust and solicit sensitive security keys.

Target Blockchain
Ethereum/EVM/Bitcoin

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
2piwallet.com
Registered
2026-06-02
Registrar
N/A
Status
Active

🤖 AI-Extracted Threat Intelligence
