Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://adwindone.github.io/interface
Detected Brand
Uniswap
Country
International
Confidence
100%
HTTP Status
200
Report ID
f3581031-46dā¦
Analyzed
2026-03-17 04:14
Final URL (after redirects)
https://adwindone.github.io/interface/#/swap
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B9F15472CA4C393E92335AE5EA7663BB225B72ADEACF0010D5BD03F187C6E85D817145 |
|
CONTENT
ssdeep
|
96:TiKCfYp6VdzWSyg9l5+sb2zWCa2ibQVk9ByG/I8VxlWoraq60mc35Nf6:GKCfASnyGGF5icVoZ/vLlNaq60lg |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec685b53626646d9 |
|
VISUAL
aHash
|
00999183efffffff |
|
VISUAL
dHash
|
0d3337270a040000 |
|
VISUAL
wHash
|
00001881c3ffffff |
|
VISUAL
colorHash
|
07000000006 |
|
VISUAL
cropResistant
|
0d3337270a040000 |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
ā ļø Phishing Confirmed
š£ Credential Harvester
š£ OTP Stealer
š£ Card Stealer
š£ Banking
š£ Personal Info
š¬ Threat Analysis Report
ā¢ Threat: Phishing
ā¢ Target: Cryptocurrency users
ā¢ Method: Impersonation and wallet connection
ā¢ Exfil: Unknown, likely to steal wallet credentials or drain funds.
ā¢ Indicators: Free hosting, JavaScript, Uniswap branding.
ā¢ Risk: High
š Obfuscation Detected
- atob
- eval
- fromCharCode
- unescape
- hex_escape
- unicode_escape
- base64_strings
š” API Calls Detected
- GET
- https://merkle-drop-1.uniswap.workers.dev/
- POST
š Risk Score Breakdown
Total Risk Score
95/100
Contributing Factors
Free Hosting
The domain uses free hosting, which is often used by phishing sites.
Impersonation
The website mimics the appearance of a well-known brand (Uniswap) to deceive users.
JavaScript
Javascript form submission detected
š¬ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Uniswap users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
ā ļø Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 997 obfuscation techniques
š¢ Brand Impersonation Analysis
Impersonated Brand
Uniswap
Official Website
https://uniswap.org/
Fake Service
Uniswap Swap
āļø Attack Methodology
Primary Method: Deceptive Phishing
The attacker uses a cloned website to impersonate Uniswap and trick users into connecting their wallets. This allows them to potentially steal sensitive information or drain funds.
Secondary Method: Credential Harvesting
Through the connection of the wallet, users might be prompted to enter additional information like mnemonic phrases which are then captured by the phishers.
Target Blockchain
Ethereum
š Infrastructure Indicators of Compromise
Domain Information
Domain
adwindone.github.io
Registered
None
Registrar
None
Status
Active
š¤ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.