Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://bitsaehetj2018.com/
Detected Brand
Bitsae
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
dd18a9a9-1cf…
Analyzed
2026-06-19 12:08
Final URL (after redirects)
https://bitsaehetj2018.com/Login/index
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T197022131D151DD3F10A6F2C4DB706B5B72A2438A8A12470147F1A73EADDAEF5EC2A198 |
|
CONTENT
ssdeep
|
192:Z3566CMSYDzSK+GhNJzSW1zSy8vzSsCzSLi72zzmSEu+zzmSLwBMmduMmIQlQMB5:Z356RMtDzhVhNJz/1zL8vzFCzui72zCr |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c9c96363ed6189c9 |
|
VISUAL
aHash
|
0018181818180000 |
|
VISUAL
dHash
|
43b2b2b2b2b20030 |
|
VISUAL
wHash
|
e33c3ebd3c383403 |
|
VISUAL
colorHash
|
380000001c0 |
|
VISUAL
cropResistant
|
0616414cc1415551,43b2b2b2b2b20030 |
Code Analysis
Risk Score
71/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔒 Obfuscation Detected
- fromCharCode
- document.write
🎯 Kit Endpoints
- /Login/index/Lang/pt
- /Login/register
- /Login/index/Lang/th
- /Login/index/Lang/zh-cn
- /Login/index/Lang/fr-fr
- /Login/index/Lang/may
- /Login/index/Lang/ja-jp
- /Login/index/Lang/ko-kr
- /Login/index/Lang/it-it
- /Login/index/Lang/vie
- /Login/index/Lang/spa
- /Login/index/Lang/ara
- /Login/index/Lang/en-us
- /Login/index/Lang/de-de
- /Login/index/Lang/tr-tr
- /Verify/code
- /Login/index
📊 Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, Personal Info
Credential Harvesting
Credential harvesting detected with 1 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 7 technique(s) to evade detection
🔬 Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
Bitsae users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 7 obfuscation techniques
🏢 Brand Impersonation Analysis
Impersonated Brand
Bitsae
Official Website
N/A
Fake Service
Credential harvesting service
⚔️ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
bitsaehetj2018.com
Registered
2026-03-16 11:18:49+00:00
Registrar
TuringSign Inc. d/b/a Cosmotown
Status
Active (95 days old)
Hosting Information
Provider
TuringSign Inc. d/b/a Cosmotown
ASN
🤖 AI-Extracted Threat Intelligence
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.