Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
http://www.x.pzfdyx.com/wap/
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
db0219b5-2ea…
Analyzed
2026-01-03 01:01
Final URL (after redirects)
http://www.x.pzfdyx.com/start/#/index
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T153C3EBB19690213B42338AE4A8612F4F76D7F35ECA968D00A3FC47EE6FD7C90B504596 |
|
CONTENT
ssdeep
|
3072:nOCm7YhEHcdpFIaKXwoP7WQFqgoRCw2vJ2:nOCm7YhEHcdpFIaKXwoP7WQFqgoRCw2k |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f6a558dd22a84376 |
|
VISUAL
aHash
|
00ff7763e6feff00 |
|
VISUAL
dHash
|
896ceccf4c48352d |
|
VISUAL
wHash
|
00ff7601e6fed700 |
|
VISUAL
colorHash
|
06e00008000 |
|
VISUAL
cropResistant
|
096cec8f4c482535,0000009393820080,010c686969697434,3535253d3db9edec |
Code Analysis
Risk Score
95/100
Threat Level
BAJO
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔥 Firebase Backend
🔬 Threat Analysis Report
• Threat: Potential data harvesting due to suspicious domain and javascript
• Target: Online shoppers
• Method: Website collects user data through form submissions and tracking
• Exfil: Unknown, data may be sent to the suspicious domain
• Indicators: Suspicious domain, JavaScript form submission detected, obfuscated Javascript
• Risk: LOW - Potential data collection, but no brand impersonation detected
🔒 Obfuscation Detected
- atob
- fromCharCode
- unescape
- document.write
- unicode_escape
- base64_strings
📡 API Calls Detected
- /api/activity/lottery!getCurrentActivity.action
- api/syspara!getSyspara.action
- /api/credit!histroy.action
- /api/localuser!registerWithVerifcode.action
- /public/userOnlineChatController!unread.action
- /api/credit!bill.action
- /api/credit!beforereapply.action
- /api/credit!check.action
- /api/localuser!get.action
- /api/credit!pay.action
- /api/credit!apply.action
- /api/jscode!execute.action
- api/newOnlinechat!unread.action
- /api/category!tree.action
- https://www.google.com/ccm/geo
- post
- /api/credit!beforepay.action
- /api/localuser!registerNoVerifcode.action
- /api/category!sellerTree.action
- /api/credit!config.action
- GET
☁️ Cloud Backend
- Firebase: fir-eb636.firebaseapp.com
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://cdn.gosafemode.com/screenshots/832992b0ad05.png
Apr 01, 2026
Unknown
https://j.91boris.com/
Mar 30, 2026
Unknown
https://cdn.gosafemode.com/screenshots/5d51da11cde4.png
Mar 11, 2026
No screenshot
Unknown
http://w.rodzalez.com/
Jan 15, 2026
No screenshot
Unknown
https://x.pzfdyx.com/start/
Jan 04, 2026
Scan History for www.x.pzfdyx.com
Found 2 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.