SafeMode - Analysis: www.bitflyer8.win

Visual Capture

Detection Info

https://www.bitflyer8.win/?shiny

Detected Brand

bitFlyer

Country

International

Confidence

100%

HTTP Status

200

Report ID

c492c0d3-63f…

Analyzed

2026-02-18 05:37

Final URL (after redirects)

https://www.bitflyer8.win/?shiny#/home

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1CDC23610771256B38173A5D19291AF8A71D7E31FCA0A46402FEC639BBFC6EF078550AA
CONTENT ssdeep	384:Y3KZVEdqBnMhWQIMwcZww87goZWZbGO9WsllpTJ:VZVEdqBnMhWQIMwcZww3oZjO9VpTJ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c3f23c3c65e3321a
VISUAL aHash	807fffff60000000
VISUAL dHash	63f8c8c4d0327171
VISUAL wHash	80ffffff7000003c
VISUAL colorHash	18006000000
VISUAL cropResistant	74e4f0a8a8ace030,80881c8281808080,3ae0c180c068b498,63f8c8c4d0327171

Code Analysis

Risk Score 97/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing
• Target: bitFlyer users
• Method: Domain spoofing and JavaScript obfuscation to steal credentials.
• Exfil: Likely through the form submission.
• Indicators: Domain mismatch, Javascript obfuscaton
• Risk: HIGH

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
unicode_escape
base64_strings

🎯 Kit Endpoints

https://www.bitflyer8.win/api/exfiltrate
#/login

📡 API Calls Detected

../../static/guide_book.pdf
POST
https://direct.lc.chat/12827847/
GET
post
https://api.weexpro.cc/wp/WEEX_Whitepaper.pdf
https://exchange-hk.oss-cn-hongkong.aliyuncs.com/MetaUniverseGlobalcoin/upload/qly_1640247993000.MP4

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Domain Age

Domain created recently.

Obfuscated JavaScript

Detection of atob, eval, fromCharCode in javascript code, suggesting malicious intent.

Domain mismatch

The domain does not match the known legitimate bitFlyer domain.

Impersonation

The website attempts to look like the bitFlyer website.

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

bitFlyer users (International)

Attack Method

Brand impersonation + obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
88 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

bitFlyer

Official Website

https://bitflyer.com/en-us/

Fake Service

bitFlyer trading platform

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The site is designed to steal user credentials by mimicking the bitFlyer login page. Users are prompted to enter their login details, which are then captured by the attackers.

🌐 Infrastructure Indicators of Compromise

🦠 Malicious Files

Main File

app.2441857a7db31acbac53.js

File Size

Functions: sendData, submitForm

📊 Attack Flow Diagram

User fills <input name='username'> → submitForm() → fetch('https://www.bitflyer8.win/api/exfiltrate') → credentials sent

🔬 JavaScript Deep Analysis

Operator Language

English (0%)

Sophistication Level

Basic

Total Code Size

3.3 MB

🔗 API Endpoints Detected

Other

15

🔐 Obfuscation Detected

: None
: None
: Heavy
: Moderate

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

User fills <input name='username'> → submitForm() → fetch('https://www.bitflyer8.win/api/exfiltrate') → credentials sent

🎯 Malicious Files Identified

Main Drainer

app.2441857a7db31acbac53.js

File Size

45KB

Malicious Functions

sendData
submitForm

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

bitFlyer

https://www.bitfyer.cc/?shiny

Jun 01, 2026

bitFlyer

https://www.bitflyer.us.cc/?shiny

May 12, 2026