Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://curve.finance-swap.sbs/
Detected Brand
Curve Finance
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
f7a17834-9d2โฆ
Analyzed
2026-06-27 23:36
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D515F9F013281E7B60C7C39DE7747CE766EAAE92DA87544893AE4AE857C3CC8D9055C0 |
|
CONTENT
ssdeep
|
6144:mv/xECZytF2uoSbDbU9YMS7ePpfoLYh2qqXSOVmRDqYti87bjXIsONoUcTLeu7e5:KnAtOSb/UrtCzqqXSQaDqYzMaC5 |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c80df037f00df137 |
|
VISUAL
aHash
|
ff181818000000ff |
|
VISUAL
dHash
|
8e71b2b230081092 |
|
VISUAL
wHash
|
ff181818000000ff |
|
VISUAL
colorHash
|
31001000180 |
|
VISUAL
cropResistant
|
8e71b2b230081092 |
Code Analysis
Risk Score
76/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฃ Card Stealer
๐ฃ Banking
๐ฃ Personal Info
๐ Obfuscation Detected
- fromCharCode
- unescape
๐ฏ Kit Endpoints
- data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACgAAAAyCAYAAAAus5mQAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAWMSURBVHgB5VjNbxtFFH87Xn/HH2lSErUpOEIFCSERqRIcMVIbqBBq0h4iTg0HjjTJX5Bw49YkZ6QYiRsKaQQHSpCSXLiFGCGKBLQ1SgiEfDnx19reneW9idexHdtNvFnHUn/SaDWzM7O/+b15b2YfQBOw8XR18e8nq/r6nyvDVF9/8lOE6muPVyaeNZZBi0OCJoAU1HUIp9NJyOezx94fxLcggUUHiPQP3vuo9N3zreDC3PQcfqCv92pf0OXxBXWUkYqipFDJHCQPdiB1sAsa10DnnMjEcVic6/p8/+2RUZpDBkshBZFSiOPHRU2SRDF0oXZVzRd7o4mDQEWSAkZbU0ycSicgkdiDvJora/f5O6Cr5yos/vgIPh79DD7/8ptjYy1W8BC6zoVaOtfL2iXGQMaSVnLw3/YeLiQD50KwEqnEDnruNnjagqIMXX8Pbr76JnQEfBBQHWDX5fA/X327iOuKngvBfDYLWSUNDpdX1K90dUOg/UXIZxRQ9pPUFEJfCtEGtJRgx8Ue4LoGsuwoa/f4AiDZbMJB9rY3gG1xcG7pwL1uAH9bWV9LCbq9PtCrtDucXtx/sgjQ6WQcvFs5yK2hN3e2g9RMgjtb6xgxGPiDF8Em24vtRCpJXp1TRD3RIUPexcBrl0WcQa9a5pxFONPilhLMpBL0NXSEQBnBHO4/ImlA8TJRgNsgqOEIiT3t+fD9CL07FydpC3SA3eEEVVPFPszhyUJOk5PyUTxp5jXgUaPvuRD0I0HAoiCpbDaDexEEwZSkRC8PfTBR2tdSgr5g5+FHKrz4NLCUYACdQwdzsJRgMrErvNjt8YtjrRFYSjC+swnkxbZuOzgLp8Zp0fIX1pYnWNPEc3P3gy4V+sAcgmASNQl6uW1AkmEGTMGsD1chKJTDldtlF167NWgEErOJp84bG1+KYwSFcgxmHC4XtHdegkbg87UDw7CSSh2U/XOYIlipnA3va4yZ8yGKgaVzSOz0P5FFgh7ORhmTxg3lHHiYu91tYAYej7nxhNYPM7+uLEyg9OPQRNRKgVRD6yu4HnuEG1nCq9FFcTW3AoY3056mvX0atP5ZnGZ8UgWtN5Xcndpc/wP2d/+Fs4bH4xOxkVSkFIhaSIFQ8oi+Sc9akAcHx0RG6eHsVJxMbSR6zhJHSSMom78yeVSVYGWDHa/ntFpjwkZAe45XOeYo9UYgKymYUNIKfbB9SpP4pHKYfqtPkIiZPUGIXD1LHEu76RC/eXssVq1vkeAL3SHhMm63T9RTyX3Y3vxL3IS7L78MmqaJxCMtgPYUqZFOJ2oSqIc2/wXxr3w0oHbfIkGHyyPOStl++INNf/1E8miVh6s21CWCjV4E7A5XWb0yLVeVoAH6aCaTEpNcuvKKILqx9rsgmM/nhYIi4V2onwakWrV/E7xT3Ppt9YeXNM6XX7/WH6lLkMyTQ1IUUIMXukSKIvb4FzgLONFK1SH1oYZ9tkPrRKAeQQNpNC+lxjRMTxQmiepcnQITUDLJu5hBCBc/bnc+8AY651P727fUfHYArRZGJWfQ5D+/du3GZF2CpGJ8d7O0Kd5/ZywCJvDw66kwKwlfHIm8FR6KYAwOYQwewGxrCJUcBiYt4WtBsGY8QWeJ4gSfSgXJKVuPE018Nzs9Ck1ETYJOpzf67p2RCR20L6iORGmV4zKDEWgi5IW5+2FMFoazmcTbLq8frMD3s9PDZAGMYm8Umh6QeRnjS88aKxM5UiaHF0gXWAOMr3fRAmGjjhFqHq0TOclYGSNvFI9y0bk0XGK4WaYn+nDMDixCCmCPMDQEfR4P0JhRU5keK3td4ICxNYRhLUyB0cCJbwS0FQBsizggdn3wXi9YANoK9MuLtJZuDH7yDrWdOLt1pOTxG8dZAbdCTCgJRwr/D1Zfe1W0iB80AAAAAElFTkSuQmCC
๐ก API Calls Detected
- POST
๐ Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
Credential Harvesting
Credential harvesting detected with 2 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 6 technique(s) to evade detection
๐ฌ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Curve Finance users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 6 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
Curve Finance
Official Website
N/A
Fake Service
Token swap/DEX platform
โ๏ธ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.
๐ Infrastructure Indicators of Compromise
Domain Information
Domain
curve.finance-swap.sbs
Registered
2026-06-23 14:28:19+00:00
Registrar
Hosting Concepts B.V. d/b/a Registrar.eu
Status
Recently registered (4 days old)
Hosting Information
Provider
Hosting Concepts B.V. d/b/a Registrar.eu
ASN
๐ค AI-Extracted Threat Intelligence
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.