Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
https://instant-6000-renova.com/
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
a10777b5-02fâŚ
Analyzed
2026-02-23 15:12
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T129A3EE234259752A4077C7D430BA1F3BD1AA994BFAE709400EDCD7F62BFAC50702B699 |
|
CONTENT
ssdeep
|
768:SlUre4Ne9tMbXReQ/GJi55RPGOrbbd8zc/+lYNqcnA:49tMbXlOJi55R+Ovbd8zcUYNqcnA |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9612ed6d0d671693 |
|
VISUAL
aHash
|
00040e060600ffff |
|
VISUAL
dHash
|
d73cecccec0c0326 |
|
VISUAL
wHash
|
000e0e0e0e8effff |
|
VISUAL
colorHash
|
02003400400 |
|
VISUAL
cropResistant
|
bc6cccccbc0c0026,dcbd6cecccccac6c,1c07412513161c3c |
Code Analysis
Risk Score
73/100
Threat Level
ALTO
â ď¸ Phishing Confirmed
đŁ OTP Stealer
đŁ Banking
đŁ Personal Info
đŹ Threat Analysis Report
⢠Threat: Phishing
⢠Target: Unsuspecting users
⢠Method: Deception - collecting personal information.
⢠Exfil: Potentially to unknown targets. Obfuscation suggests intent to hide exfiltration process
⢠Indicators: Suspicious domain, form, no brand association.
⢠Risk: High
đ Obfuscation Detected
- unicode_escape
đĄ API Calls Detected
- ./form/handle_form.php
- https://amos-mamaya.fun/geo
đ Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Suspicious Domain and Lack of Branding
The domain is not associated with a known brand. No logos, or brand identity are visible.
Requests for Personal Information
The site directly requests personal information (name, email) without a clear purpose.
JavaScript and Obfuscation
JavaScript form submission indicates potential malicious activity, and obfuscation is a red flag.
đŹ Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
General public
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
â ď¸ Indicators of Compromise
- Kit types: OTP Stealer, Banking, Personal Info
- 31 obfuscation techniques
đ˘ Brand Impersonation Analysis
Impersonated Brand
Unknown
Fake Service
Trading Platform
Fraudulent Claims
âď¸ Attack Methodology
Primary Method: Credential Harvesting
The site is designed to collect user's personal information by having them fill out a form.
Secondary Method: Data Exfiltration
The stolen data is likely exfiltrated by javascript, potentially to a remote server for malicious purposes.
đ Infrastructure Indicators of Compromise
Domain Information
Domain
instant-6000-renova.com
Registered
2023-10-27
Registrar
Unknown
Status
active
đ¤ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://nul.smartproinvest.com/
Jun 20, 2026
No screenshot
Unknown
https://credonexiafunziona.com/
Feb 27, 2026
Zenflow Capital or similar financial services
https://zenflow-capital.com/
Feb 25, 2026
No screenshot
Unknown
https://quantumdexair9000.net/
Feb 25, 2026
Unknown - Financial Services
https://skybarrowfundvia.com/
Feb 24, 2026
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.