SafeMode - Analysis: ch-clashverge.com.cn

Visual Capture

Detection Info

https://ch-clashverge.com.cn/

Detected Brand

Kraken

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

fcba8788-e14…

Analyzed

2026-06-24 23:32

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T10802FD3A7080B97B4097D2E99674AF5F72C6838AC9870B0262F9979D5BEBE48CD00457
CONTENT ssdeep	96:tbL87VwN2X0nC4j8ugjWIP3cjVv6pXi4dXBWLgLY52SzBXuEa9cIInq/4qbC:BL87ONznz4uc/DYEAXun1bC

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	dd1c3233323393d6
VISUAL aHash	041818183c7c7e7e
VISUAL dHash	4db2b2b2d4c8d8c4
VISUAL wHash	241818187e7e7e7e
VISUAL colorHash	38008040218
VISUAL cropResistant	4db2b2b2d4c8d8c4

Code Analysis

Risk Score 12/100

Threat Level ALTO

⚠️ Phishing Confirmed

🔒 Obfuscation Detected

eval
unescape
hex_escape
unicode_escape

📊 Risk Score Breakdown

Total Risk Score

40/100

Contributing Factors

Code Obfuscation

JavaScript code obfuscated using 34 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type

Kraken Phishing Landing Page

Target

Kraken users

Attack Method

obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

34 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Kraken

Official Website

N/A

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: SEO Poisoning Landing Page

Fake Kraken page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.