Detection Info

https://copyratio.com/
Detected Brand: Copyratio
Country: International
Confidence: 100%
HTTP Status: 200
Report ID: 1f078c96-4f8…
Analyzed: 2026-06-27 23:23

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm        Hash Value
CONTENT TLSH     T1CEF21F309011653742A3D2C86B39271BB3D3920DCFA74A0667F883ACAFD7C55DD26E66
CONTENT ssdeep   768:VYmOl9k97jAs6yAs6HdrV7bodZZhshhmAC:1rIXtXHdrV7borZhshhJC

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm              Hash Value
VISUAL pHash           eca517ca119b6ca5
VISUAL aHash           fffff1d1f1f0fd00
VISUAL dHash           f04623333165619e
VISUAL wHash           fef39191f1b0bc00
VISUAL colorHash       07610000000
VISUAL cropResistant   b0c4273333256178,ca9921273434a5a6,38182d8f9c2f9f94,1961d1a786d9cc41,0000000000000000

Code Analysis

Risk Score: 76/100
Threat Level: HIGH
Phishing Confirmed
Credential Harvester, OTP Stealer, Card Stealer, Personal Info

Threat Analysis Report

  • Threat: Financial Phishing
  • Target: Users seeking trading platforms
  • Method: Impersonation with obfuscated data exfiltration
  • Exfil: JavaScript form handler
  • Indicators: Domain mismatch, obfuscation
  • Risk: High

Credential Harvesting Forms

Obfuscation Detected

  • eval
  • fromCharCode

Kit Endpoints

  • //app.copyratio.com/login

API Calls Detected

  • <div><h1>Hi!</h1></div>

Form Action Targets

  • contact.html

Risk Score Breakdown

Total Risk Score: 85/100

Contributing Factors

  • Obfuscated Code: Presence of eval and fromCharCode is highly suspicious
  • Identity Mismatch: Domain/Email mismatch indicates lack of authenticity

Comprehensive Threat Analysis

Threat Type: Banking Credential Harvester
Target: Copyratio users (International)
Attack Method: Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel: HTTP POST to backend
Risk Assessment: HIGH - Automated credential harvesting with HTTP POST to backend

Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Personal Info
  • 6 obfuscation techniques

Brand Impersonation Analysis

Impersonated Brand: Copyratio
Official Website: unknown
Fake Service: Copytrading Platform

Fraudulent Claims

Attack Methodology

Primary Method: Credential Harvesting

Uses a professional-looking landing page to trick users into signing up for a fake trading service, likely to collect PII and financial data.

Secondary Method: Data Exfiltration

Uses obfuscated scripts to transmit user input to an external, likely malicious endpoint.

Infrastructure Indicators of Compromise

Domain Information

Domain: copyratio.com
Registered: 2026-01-27
Registrar: unknown
Status: active

AI-Extracted Threat Intelligence
