SafeMode - Analysis: zackonbags.fun

Visual Capture

Detection Info

http://zackonbags.fun

Detected Brand

ZACK

Country

International

Confidence

100%

HTTP Status

200

Report ID

c6b78cf3-c4e…

Analyzed

2026-01-26 01:33

Final URL (after redirects)

https://zackonbags.fun/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1F6C296B02264103BA11B96DB6F26277936FBB1FDD8BB1154D7FD0A90ABE5C88F813045
CONTENT ssdeep	384:HWtqY+SAakFsiyteAG4UOOeAG4UOJWAU74CyZwQwq/V7/2o1RYXFFFCY01aVGux3:oAa4sko/y2Qwc7/2eRYXd0TYwKyhh0

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	92922d6de99296e3
VISUAL aHash	03646c6c4000407e
VISUAL dHash	968dcd8d926cd4d4
VISUAL wHash	4f447c7e60007e7e
VISUAL colorHash	38407000000
VISUAL cropResistant	e8d8b2eccda2e6e8,968dcd8d926cd4d4

Code Analysis

Risk Score 88/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Cryptocurrency phishing scam
• Target: Crypto enthusiasts and investors
• Method: Fake airdrop promotion to steal user data
• Exfil: Potential data exfiltration via obfuscated scripts
• Indicators: Domain mismatch, urgency tactics, recent domain
• Risk: HIGH - Potential for data theft and financial loss

🔒 Obfuscation Detected

atob
base64_strings

📡 API Calls Detected

https://lite-api.jup.ag/tokens/v2/search?query=
POST

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester, OTP Stealer, and Banking kits with real-time interception capabilities.

High Obfuscation

21 obfuscation techniques detected, indicating deliberate evasion of analysis and detection.

Crypto Reward Scam

Explicit use of 'free crypto rewards' as a lure to trick victims into connecting wallets.

Urgency Tactics

Use of 'Hurry up!' to pressure victims into immediate action without scrutiny.

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

ZACK users (International)

Attack Method

Brand impersonation + obfuscated JavaScript

Exfiltration Channel

Unknown

Risk Assessment

CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
21 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

ZACK

Official Website

https://www.zack.com

Fake Service

Free crypto rewards

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: CRYPTO Wallet Connection

The phishing site prompts users to connect their cryptocurrency wallets (e.g., MetaMask, Phantom) using buttons labeled 'Connect Wallet'. Once connected, the site likely requests token approvals or private key access to drain funds.

Secondary Method: Credential Harvesting

While no forms are visible, the presence of a Credential Harvester kit suggests hidden or dynamically loaded fields to capture login credentials or OTPs for account takeover.