EN ES PT
Back to Stats

Visual Capture

Screenshot of im-token.ink

Detection Info

https://im-token.ink/
Detected Brand
imToken
Country
Unknown
Confidence
95%
HTTP Status
200
Report ID
ea7add6d-e1b…
Analyzed
2026-07-12 11:27

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1BC528320F044202B951357DEE2A27F6A71ABF65EC64A8D046BFD82918FF2D38FC21755
CONTENT ssdeep
192:OpkDCutlL2caGOzhG1ZUlI/3N6aH77/y7nN7VVOqMi1olX:bC8OzhG3WI/HH77q7nN7VnMgolX

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b3639cc999623359
VISUAL aHash
dfe7e7e7efefc3cf
VISUAL dHash
33284d4d5c489614
VISUAL wHash
8fe3e0e0e4e7008f
VISUAL colorHash
07001000180
VISUAL cropResistant
33284d4d5c489614

Code Analysis

Risk Score 50/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Personal Info

📊 Risk Score Breakdown

Total Risk Score
70/100

Contributing Factors

Active Phishing Kit
Detected kit types: Personal Info
Credential Harvesting
Credential harvesting detected with 2 form(s) capturing sensitive data

🔬 Comprehensive Threat Analysis

Threat Type
Phishing Kit (Personal Info)
Target
imToken users
Attack Method
credential harvesting forms
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Personal Info

🏢 Brand Impersonation Analysis

Impersonated Brand
imToken
Official Website
N/A
Fake Service
Credential harvesting service

⚔️ Attack Methodology

Primary Method: imToken Credential Harvesting

Fake imToken login page with 2 forms. Victim enters credentials which are captured and transmitted to attacker's server. Page may impersonate imToken official login to appear legitimate.

Secondary Method: Client-Side Form Interception

JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
im-token.ink
Registered
2026-05-06 03:24:49+00:00
Registrar
Bizcn.com, Inc.
Status
Active (67 days old)

Hosting Information

Provider
Bizcn.com, Inc.
ASN

🤖 AI-Extracted Threat Intelligence

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.