Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
No screenshot available
Información de Detección
http://ethereum.attorney
Detected Brand
Ethereum
Country
International
Confidence
100%
HTTP Status
200
Report ID
d12e7205-7f8…
Analyzed
2026-03-11 17:15
Final URL (after redirects)
https://ethereum.org/
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T104545CE49200677F289343DFF624F765D32E2259F36A8C10F2AC9615B2CAE96D1375C8 |
|
CONTENT
ssdeep
|
1536:NGY5liXsvXsepzmpzb1lXsX6cyBlzI7xQ1yizQts880zjzPa8bU1RSs02ObI/i3U:NVIXsvXsBXsEod2OMdW5uGOt |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ef6bc4a41d1b9292 |
|
VISUAL
aHash
|
db818101e7e7ffff |
|
VISUAL
dHash
|
332369734d0c7150 |
|
VISUAL
wHash
|
89810000a7e7ffff |
|
VISUAL
colorHash
|
07006200008 |
|
VISUAL
cropResistant
|
332369734d0c7150 |
Análisis de Código
Risk Score
100/100
Threat Level
BAJO
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Ninguna (Sitio web legítimo)
• Objetivo: Usuarios de Ethereum
• Método: N/A
• Exfil: N/A
• Indicadores: Marca, diseño legítimos.
• Riesgo: Bajo
🔒 Obfuscation Detected
- atob
- fromCharCode
- unescape
- unicode_escape
- base64_strings
🎯 Kit Endpoints
- https://blog.ethereum.org
- https://blog.ethereum.org/en/2026/02/27/project-odin
- https://soliditylang.org///blog/2026/02/18/transient-storage-clearing-helper-collision-bug
- https://geodework.com/blog/local-ethereum-13
- https://blog.ethereum.org/
- https://geodework.com/og?title=Geode%20Labs%20Blog
- https://0xparc.org/blog
- https://devcon.org/en/blogs/
📡 API Calls Detected
- https://ingesteer.services-prod.nsvcs.net/rum_collection
- https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd&include_24hr_change=true
- https://twitter.com/intent/tweet?text=
- https://api.coingecko.com/api/v3/simple/price?ids=ethereum&vs_currencies=usd
- POST
📊 Desglose de Puntuación de Riesgo
Total Risk Score
20/100
Contributing Factors
Domain mismatch
The domain doesn't match the expected official domain, but the content *does*.
Content Authenticity
The site looks like the official Ethereum website with matching elements.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
Ethereum users (International)
Método de Ataque
obfuscated JavaScript
Canal de Exfiltración
Unknown
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Unknown
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
- 18 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Ethereum
Official Website
ethereum.org
⚔️ Metodología de Ataque
Primary Method: Unknown
The site appears to be the legitimate Ethereum site, but the domain is unusual. Requires further investigation.
Target Blockchain
Ethereum
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
ethereum.attorney
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.