EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of guinnipraffaela36904-dinimos352470-manine30624.pages.dev

Detection Info

https://guinnipraffaela36904-dinimos352470-manine30624.pages.dev/help/contact/199136945936610/
Detected Brand
Facebook
Country
International
Confidence
100%
HTTP Status
200
Report ID
15d25eec-0c2…
Analyzed
2026-03-01 18:29

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1A741A6325020463755234DE5B0E2F716A2C3A38ECF8724043AFC53A407EDD49CC5B364
CONTENT ssdeep
48:TxCCG94X8idMC6BeWR2pe25n6SB8Znu9l1n:TzG9Q1B6JR+B8Bm5

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
c4444461f1f3f376
VISUAL aHash
000000ffffffffff
VISUAL dHash
94e0ac1016060000
VISUAL wHash
000000c3c3ffffff
VISUAL colorHash
07007000000
VISUAL cropResistant
2c0c120600000000,949494e6f0e4a4a5

Code Analysis

Risk Score 96/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Facebook users
• Method: Impersonation via free hosting and a form
• Exfil: Likely steals credentials
• Indicators: Free hosting, brand logo, form.
• Risk: High

🔒 Obfuscation Detected

  • fromCharCode
  • unescape

📡 API Calls Detected

  • https://api.ipify.org?format=json

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site is hosted on a free hosting platform (pages.dev), a common tactic for phishing.
Impersonation
The site attempts to impersonate the Facebook Business Help Center.
Form Submission
Presence of a form suggests intent to collect user data.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Facebook users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 11 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Facebook
Official Website
https://www.facebook.com/
Fake Service
Facebook Business Help Center

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker likely intends to collect user credentials by having users enter them into a form that's designed to look like a Facebook support request.

Secondary Method: Social Engineering

The attacker uses social engineering techniques by attempting to trick users into providing their information by posing as Facebook support.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
guinnipraffaela36904-dinimos352470-manine30624.pages.dev
Registered
Unknown
Registrar
Google Domains
Status
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Facebook
https://guinnipraffaela36904-dinimos352470-manine30624.pages...
Jun 14, 2026
 Screenshot
Facebook
https://guinnipraffaela36904-dinimos352470-manine30624.pages...
Jun 14, 2026
 Screenshot
Facebook
https://eugeniewun72-englichs302.pages.dev/help/contact/5962...
Jun 12, 2026
 Screenshot
Facebook
https://sp-bayerjohnathan132.pages.dev/help/contact/40981538...
Jun 06, 2026
 Screenshot
Facebook
https://sp-bayerjohnathan132.pages.dev/help/contact/61312275...
Jun 06, 2026

Scan History for guinnipraffaela36904-dinimos352470-manine30624.pages.dev

Found 7 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.