SafeMode - Analysis: www.3115hh.com

EN ES PT

Back to Stats

Visual Capture

No screenshot available

Detection Info

http://www.3115hh.com

Detected Brand

Unknown

Country

International

Confidence

100%

HTTP Status

200

Report ID

92fe7f46-2f8…

Analyzed

2026-01-06 14:44

Final URL (after redirects)

https://www.3115hh.com:8989/verify-page/index.html

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T12EC12231C05B292BF90381E8B1B0DB5F62D2434ED782095592FD026677CED51F91A9DA
CONTENT ssdeep	96:puwX6S8LUfANuZsdFYTYcBZbEYTPdp2sclJnaWLlIJQ6B:b6SJouZs3kBNTPdp2sclJnak2Qg

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cbb627c91c89c1b6
VISUAL aHash	ffe7ffffdc280000
VISUAL dHash	f2cdca3329d15166
VISUAL wHash	ffe7ffdb98080000
VISUAL colorHash	0e0000001c0
VISUAL cropResistant	f2f1ccf8b32b35d9,8c6cacdcd86a7e5c,f87e7f7ffffebdaa,7158e8e871337d49,2b2835d950516364,210830b2b2320c11,11043232b2300c21

Code Analysis

Risk Score 86/100

Threat Level HIGH

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Generic phishing kit
• Target: Unknown brand users
• Method: Fake login form stealing credentials
• Exfil: Data sent via JavaScript form submission
• Indicators: Obfuscated JavaScript, recent domain age, no clear branding
• Risk: HIGH - Immediate credential theft

🔒 Obfuscation Detected

fromCharCode
document.write

🎯 Kit Endpoints

https://www.3115hh.com:8989/verify-page/theme/default/layer.css?v=3.1.0

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot

https://j3656vip.com/

Screenshot

https://vip3659n.com

http://3659b.vip

http://b-3-6-5-9.com

http://365907.vip

😰

"I Never Thought It Would Happen to Me"

That's what 2.3 million victims say every year. Don't wait to become a statistic.