EN ES PT
Back to Stats

Visual Capture

Screenshot of 193.221.200.149

Detection Info

http://193.221.200.149
Detected Brand
WYXERA
Country
International
Confidence
100%
HTTP Status
200
Report ID
74fe8a17-fba…
Analyzed
2026-01-13 01:50
Final URL (after redirects)
http://193.221.200.149/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T13DF26271D354ED7B91C2E3D6F731A29F7284D286AB4341A683F8C7485B87D88CC26C96
CONTENT ssdeep
384:jshwH8Pxwrwbw+wL1TY/w7PwKwLmRmmmAmVmtmHmomcljmAmtlmUtMatMVr9L/Yp:6lMkt9ePxUlc0Uiae+p

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cd8932f6ce31e60c
VISUAL aHash
fffbfbf8f8e00000
VISUAL dHash
3032323272049ce4
VISUAL wHash
fff9f8f8f8e00000
VISUAL colorHash
11006200000
VISUAL cropResistant
3839193919382204,3032323272049ce4,179999f6e2f2131d,7664c89aa9c9a8a9,37a6a52a2ba22a7c

Code Analysis

Risk Score 68/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing targeting WYXERA users.
• Target: WYXERA crypto exchange users.
• Method: Fake WYXERA website with forms to steal login credentials.
• Exfil: Data exfiltration method is unknown, likely custom API, potentially to a Telegram or Discord bot.
• Indicators: IP address used as domain, obfuscated Javascript, presence of forms.
• Risk: HIGH - Immediate credential theft.

🔒 Obfuscation Detected

  • fromCharCode
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.