

Detection Info

URL: https://sparkasseinvest.de/
Detected Brand: Unknown
Country: International
Confidence: 100%
HTTP Status: 200
Report ID: 97c1809f-a57…
Analyzed: 2026-02-23 16:57

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content


Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots


Code Analysis

Risk Score 68/100
Threat Level HIGH
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Individuals interested in crypto trading
• Method: Impersonation and enticing offers.
• Exfil: Potentially personal and financial information entered into the form.
• Indicators: High-profit claims, registration form.
• Risk: High

🔒 Obfuscation Detected

  • unicode_escape

📡 API Calls Detected

  • /api/sms-verification-status
  • POST
  • /api/sms/send
  • /api/leads
  • /api/leads/
  • /api/sms/verify

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Active Phishing Kit: The website exhibits several characteristics associated with active phishing campaigns. Specifically, the site has a registration form that collects personal information for fraud. The promise of extreme returns is also characteristic of this type of attack.
High Profit Claims: The website promises extremely high returns, which is a very strong indicator of phishing.
Unusual Domain and Brand Name: The domain name does not match the known brand and uses a German TLD.

🔬 Comprehensive Threat Analysis

Threat Type: Two-Factor Authentication Stealer
Target: General public
Attack Method: Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel: Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment: HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer
  • 41 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand: Sparkasse Invest (Crypto Trading Platform)
Fake Service: Crypto Trading

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker aims to steal user credentials (name, email, phone number) by having the user enter them into a fake registration form. The site is related to crypto, so the end goal could also be draining crypto wallets. JavaScript obfuscation detected as well.

Secondary Method: Malware distribution

There is a possibility of injecting malware after registration.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain: sparkasseinvest.de
Registered: Unknown
Registrar: Unknown
Status: Unknown

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)
