A Method for Domain Detection and Web Page Analysis Targeting Web3 Phishing Websites

As the paradigm of ″decentralized next-generation Internet, ″ Web3, relying on blockchain technology, has become an emerging field with great potential in the digital intelligence service ecosystem. However, Web3 phishing websites pose a serious threat to ecological health. Phishers carefully design domain names as the primary bait, inducing users to visit and engage in high-risk operations to steal digital assets. Currently, the antiphishing works of Web3 primarily focus on phishing account detection, phishing transaction detection, and phishing gang mining, whereas the existing phishing website domain name detection primarily targets traditional phishing websites, which have limitations such as insufficient adaptability and a lack of systematic analysis. To this end, a detection method called WPWHunter is proposed for Web3 phishing website domain names, which conducts multidimensional analysis on the detected real Web3 phishing websites and explores the potential application of Large Language Model (LLM) in web page analysis. The WPWHunter algorithm detects three features in Web3 phishing website domain names: inducing words, visual deception, and item name imitation. The experimental results show that WPWHunter can effectively detect suspicious Web3 phishing domains with a G-means index of 0.769 on a test set, which is 0.048 higher than that of the best-performing baseline method. Additionally, as a supplementary exploratory experiment, three universal LLM are used to analyze the content of Web3 phishing websites that WPWHunter failed to detect and the logic used by LLM to determine Web3 phishing websites is summarized.