SafeMode - Analysis: www.q6m9fh.cn

Visual Capture

Detection Info

http://www.q6m9fh.cn/

Detected Brand

Binance

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

7e2e7cd6-a8d…

Analyzed

2026-05-23 22:15

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1F8D22338655147BB16C342B475A5FB2DE3E4CB9AC627DE0BF2F8826B178BC49CD41290
CONTENT ssdeep	768:r99H01a8b1XMY9T3P73r0SEH6p/fRi/gxWNvZzZhuGtO8NZRW8V14t4ZVvgKE+pj:r9O30SEHaU+j6

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	bfc43bc03bc03dc8
VISUAL aHash	ffb1e1e1ffffff0f
VISUAL dHash	c96b6747438c0e1e
VISUAL wHash	7d0181a0e1ffe707
VISUAL colorHash	06000038000
VISUAL cropResistant	c96b6747438c0e1e,49b049b4b4b0b018

Code Analysis

Threat Level ALTO

⚠️ Phishing Confirmed

📊 Risk Score Breakdown

Total Risk Score

40/100

🔬 Comprehensive Threat Analysis

Threat Type

Binance Phishing Landing Page

Target

Binance users

Attack Method

Phishing webpage

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

LOW - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

🏢 Brand Impersonation Analysis

Impersonated Brand

Binance

Official Website

https://www.binance.com

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Brand Impersonation Redirect

Impersonates Binance to build victim trust through search engine manipulation or malicious advertisements. Often redirects to credential theft pages or serves malware disguised as legitimate software.

Secondary Method: Standard Phishing Techniques

Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.