EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of lyqz365.com

Detection Info

https://lyqz365.com/
Detected Brand
TokenPocket
Country
International
Confidence
95%
HTTP Status
200
Report ID
61e6b1d3-a7f…
Analyzed
2026-06-02 10:36

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T13B32D7799146EEBA02D293EF5F39337FB26489D1CC570A85A6E0C74C8ED4D4DDC408AA
CONTENT ssdeep
192:m+k2n4Cse8rfqA+faeE2UeE2tyDolg8XiEus:mtFCsHrfAfaL2U32oolg8os

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b83f27474948475d
VISUAL aHash
008fdfdfffffdfff
VISUAL dHash
33383c3030ec3c38
VISUAL wHash
00078f8fdf078f47
VISUAL colorHash
07000e00000
VISUAL cropResistant
33383c3030ec3c38,000340cbcb000313

Code Analysis

Risk Score 53/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Crypto Wallet Phishing/Impersonation
• Target: TokenPocket users
• Method: Malicious software download promotion
• Exfil: Unknown (likely malware payload)
• Indicators: Unofficial domain, brand cloning
• Risk: High

🔒 Obfuscation Detected

  • document.write

🎯 Kit Endpoints

  • www.lyqz365.com/blog

📊 Risk Score Breakdown

Total Risk Score
95/100

Contributing Factors

Domain Impersonation
Uses unrelated domain to pose as known crypto brand
Technical Obfuscation
Detection of document.write obfuscation

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
TokenPocket users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester
  • 1 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
TokenPocket
Official Website
https://www.tokenpocket.pro/
Fake Service
Crypto Wallet Download

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Malware Distribution

Prompts users to download a fake crypto wallet client which may contain backdoors.

Secondary Method: Brand Impersonation

Uses legitimate brand assets to build trust.

Target Blockchain
Multiple

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
lyqz365.com
Registered
2025-09-09
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.