EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of crackaf-bubbles-frontend.vercel.app

Detection Info

https://crackaf-bubbles-frontend.vercel.app/swap
Detected Brand
Binance or similar DeFi platform
Country
International
Confidence
100%
HTTP Status
200
Report ID
4938cb96-70dā€¦
Analyzed
2026-03-02 03:12

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1BC2397F2828079AF43675BD1D312A6BF31AB303EDFDF2A51A2F487F46346DA09845485
CONTENT ssdeep
384:PVLORUZRfDt+dfx/xnl+YZLXVVUTo1DvsA8dmeB2w/znBEuoiCsmsxyQdqqm:PVLo2+Bn0YZLXVVUTiiIevLBnCsmsAEm

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
be7a2952b64a2b16
VISUAL aHash
01c8818686f8f4fb
VISUAL dHash
13131b0c0c030403
VISUAL wHash
01c9818686fcfcfb
VISUAL colorHash
02001c00000
VISUAL cropResistant
820578a696966986,13131b0c0c030403

Code Analysis

Risk Score 100/100
Threat Level ALTO
āš ļø Phishing Confirmed
šŸŽ£ Credential Harvester šŸŽ£ OTP Stealer šŸŽ£ Card Stealer šŸŽ£ Banking šŸŽ£ Personal Info

šŸ”¬ Threat Analysis Report

ā€¢ Threat: Phishing
ā€¢ Target: Cryptocurrency users
ā€¢ Method: Impersonating a DeFi platform to steal wallet information.
ā€¢ Exfil: Unknown (likely targets wallet credentials and possibly other personal information).
ā€¢ Indicators: Free hosting, brand logo on a suspicious domain.
ā€¢ Risk: HIGH

šŸ”’ Obfuscation Detected

  • atob
  • fromCharCode
  • unicode_escape
  • js_packer
  • base64_strings

šŸŽÆ Kit Endpoints

  • /nfts/collections

šŸ“” API Calls Detected

  • stats
  • POST
  • account
  • proxy
  • https://www.google.com/ccm/geo
  • logs

šŸ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The use of a free hosting provider (vercel.app) is a strong indicator of phishing.
Impersonation
The site attempts to impersonate a legitimate cryptocurrency exchange platform or its services.
Connect Wallet
The presence of a 'Connect Wallet' button on a suspicious domain strongly suggests credential theft.

šŸ”¬ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Binance or similar DeFi platform users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

āš ļø Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 224 obfuscation techniques

šŸ¢ Brand Impersonation Analysis

Impersonated Brand
Likely Binance or another cryptocurrency trading platform
Official Website
null
Fake Service
Cryptocurrency Exchange / Wallet Connection

āš”ļø Attack Methodology

Primary Method: Credential Harvesting

The site uses a look-alike interface to lure users into connecting their cryptocurrency wallets, thereby allowing the attackers to steal the user's login details.

šŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
crackaf-bubbles-frontend.vercel.app
Registered
None
Registrar
None
Status
None

šŸ¤– AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://www.crackaf-bubbles-frontend.vercel.app/swap
Apr 08, 2026
 Screenshot
BNB
http://crackaf-bubbles-frontend.vercel.app/swap
Jan 14, 2026
 Screenshot
BNB
https://crackaf-bubbles-frontend.vercel.app/swap
Jan 07, 2026
No screenshot
Bubbles
http://crackaf-bubbles-frontend.vercel.app/swap
Dec 31, 2025
No screenshot
Bubbles
http://crackaf-bubbles-frontend.vercel.app/swap
Dec 21, 2025

Scan History for crackaf-bubbles-frontend.vercel.app

Found 10 other scans for this domain

šŸ˜°
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.