EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of sigin-movies.orders-limited.com

Detection Info

https://sigin-movies.orders-limited.com/
Detected Brand
Plesk
Country
International
Confidence
100%
HTTP Status
200
Report ID
099fe473-f2b…
Analyzed
2026-01-01 09:20
Final URL (after redirects)
https://sigin-movies.orders-limited.com/login_up.php

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T11EF1EC32644CEC3B23235BD1B492B715E2D6C66ECA421610D6BC439D0FEBEE2E44665B
CONTENT ssdeep
192:AHVJ6kYMHSTCuCgERCBdDxe8L+jKkrfjg1r9j3rr7dv:yVJ6kR+3j2Cxe8L+jKkrfjg1r9j3rr7J

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cc6666cc5c763233
VISUAL aHash
0018001818181800
VISUAL dHash
62724cb2b2b2b24c
VISUAL wHash
0018ffff38383c3c
VISUAL colorHash
07007000080
VISUAL cropResistant
e2a2e28033b2b8b8,62724cb2b2b2b24c

Code Analysis

Risk Score 95/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Plesk login page phishing
• Target: Plesk users
• Method: Fake login form stealing username and password
• Exfil: Data sent to unknown location via JavaScript form submission
• Indicators: Domain mismatch, obfuscated JS, forms detected, Javascript form submission
• Risk: HIGH - Immediate credential theft

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • document.write
  • hex_escape
  • unicode_escape
  • base64_strings

🎯 Kit Endpoints

  • log-in
  • ${(0,m.default)(`/admin/report/download/file/${encodeURIComponent(n.file)}`)}
  • https://support.plesk.com/hc/en-us/articles/12377667582743-How-to-log-in-to-Plesk-
  • /login_up.php?modals[cookie-policy-preferences]=true

📡 API Calls Detected

  • GET
  • https://o447951.ingest.sentry.io/api/4509632503087104/envelope/?sentry_version=7&sentry_key=c1dfb07d783ad5325c245c1fd3725390&sentry_client=sentry.javascript.browser%2F1.33.7
  • /modules/notifier/index.php/notifications

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Plesk
https://billingpaymentsubscribe.com/
Jun 23, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/0df9bdf737f0.png
Jun 23, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/77208e66320b.png
Jun 23, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/a5ea578f9e8e.png
Jun 21, 2026
 Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/26578b3367d5.png
Jun 19, 2026

Scan History for sigin-movies.orders-limited.com

Found 2 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.