EN ES PT
Back to Stats

Visual Capture

Screenshot of 3655.mk

Detection Info

http://3655.mk
Detected Brand
Kaiyun Sports
Country
International
Confidence
100%
HTTP Status
200
Report ID
2cc285b0-4d9…
Analyzed
2025-12-31 22:46
Final URL (after redirects)
https://www.u0hadq.vip:6001/other/restrictionIp?name=access-caveat

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T103E1957055506C4AB273A294B8B2974F321BC20EDB0A0DB963F9A7D1D7CFAD544326A3
CONTENT ssdeep
96:BzNXdd1DAgFkuQc5DmeODuHqRkIpuLHgGQkIyuL1uGGkIS26tR6Bn/XddR:tDAgWEP7KRmLHgGQ5L1uGGWc5

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b81cc7733cce5930
VISUAL aHash
ffdfdb8383cff7ff
VISUAL dHash
e394b6363696c492
VISUAL wHash
ff4711010303777f
VISUAL colorHash
07001000180
VISUAL cropResistant
e394b6363696c492,278f1e1ec7612583

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Access Restriction Phishing
• Target: Kaiyun Sports users, especially those interested in football clubs
• Method: Impersonating Kaiyun Sports with a fake access restriction page and logos of famous football clubs
• Exfil: Unknown, but likely attempting to collect user information or redirect to malicious sites upon clicking the button.
• Indicators: Domain mismatch, brand impersonation, use of football club logos, access restriction message, suspicious email address ([email protected])
• Risk: HIGH - Potential data theft or redirection to malicious websites

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • js_packer
  • base64_strings

🎯 Kit Endpoints

  • /v3/polyfill.min.js?flags=gated&features=default%2Ces2015%2Ces2016%2Ces2017%2Ces2018%2Ces2019%2Ces5%2Ces6%2Ces7%2Csmoothscroll%2CResizeObserver%2CAbortController%2CIntersectionObserver

📡 API Calls Detected

  • start-url
  • /
  • next-data
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.