EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of airbnb-clone-farukipekcom.vercel.app

Detection Info

https://airbnb-clone-farukipekcom.vercel.app/online-experiences.html
Detected Brand
Airbnb
Country
International
Confidence
95%
HTTP Status
200
Report ID
5bc7e0d3-fad…
Analyzed
2026-02-05 00:01

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1203375305150D17F011BD3C4EB7187AB32E98285EA970A6293FDC35A9BEBC99DF0AC54
CONTENT ssdeep
1536:4cNNz/shrisdrnsJrWsJrVEsJrkshrssdr7sJrZsJrysJe80828g8u8L8p858R8m:Hfz/shrisdrnsJrWsJrVEsJrkshrssd8

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
eac334949479cd72
VISUAL aHash
ffe1c0e0fff38180
VISUAL dHash
c0495b1128531931
VISUAL wHash
ffe0e0e0ffd18180
VISUAL colorHash
07e00000000
VISUAL cropResistant
c0495b1128531931,2969012025a12332,32337f737a7bbbb9,e3e66b6564623033,c8d9d8c84c5d5b49,99bdeede87ceccce,163333132f335b2a

Code Analysis

Risk Score 53/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Airbnb users
• Method: Impersonation via cloned website on free hosting
• Exfil: Unknown. Likely credential harvesting or malware.
• Indicators: Free hosting, brand logo, obfuscation detected.
• Risk: HIGH

🔒 Obfuscation Detected

  • fromCharCode

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site is hosted on a free hosting provider (Vercel), which is a common indicator of phishing.
Brand Impersonation
The site displays the Airbnb logo and appears to be trying to mimic the official website.
Obfuscation
Obfuscation detected using 'fromCharCode', suggesting an attempt to hide malicious code.

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
Airbnb users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester
  • 4 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Airbnb
Official Website
https://www.airbnb.com/
Fake Service
Airbnb website

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker likely aims to steal user credentials by creating a fake login page that closely resembles the official Airbnb site. Users who enter their credentials into this fake site will have their information stolen.

Secondary Method: Malware distribution

The site could be used to distribute malware by exploiting vulnerabilities within the browser or through social engineering techniques.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
airbnb-clone-farukipekcom.vercel.app
Registered
Unknown
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/1fb8be28379a.png
Apr 05, 2026
 Screenshot
Airbnb
https://airbnb-clone-farukipekcom.vercel.app/online-experien...
Mar 17, 2026

Scan History for airbnb-clone-farukipekcom.vercel.app

Found 10 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.