Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
http://amz-web.52ritao.cn
Detected Brand
Amazon
Country
International
Confidence
100%
HTTP Status
200
Report ID
f86c204d-f79…
Analyzed
2025-12-20 19:59
Final URL (after redirects)
http://amz-web.52ritao.cn/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C744D7A2E6313033252B52D1E93E7795B1D2E70FD3924B81FAF403242B99D636A1787D |
|
CONTENT
ssdeep
|
6144:EYkeLFNnzZ6BxCo62qnSMlcryHdUqie2eo75nlJyTixXmmfU/GanIVDsTrBSOJFi:lq4GfUeEVJcX1NebRF4cbKV |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
be51530e0f43465f |
|
VISUAL
aHash
|
00dfffb79393ff89 |
|
VISUAL
dHash
|
d01a9a6666655959 |
|
VISUAL
wHash
|
00cfff939191bd81 |
|
VISUAL
colorHash
|
06202010000 |
|
VISUAL
cropResistant
|
8080c2d2d2828080,9a9a866667655959,d0d8e8d8c80aaa2a,f0d88c2cccf8bde5,2d8bc3c3c7c0c00c |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Brand impersonation phishing
• Target: Amazon customers internationally
• Method: Fake website mimicking the Amazon homepage to potentially steal credentials if clicked through to other pages.
• Exfil: Unknown, but likely designed for credential harvesting on subsequent pages.
• Indicators: Domain name not matching the official brand, and no SSL certificate
• Risk: HIGH - Potential credential theft and financial fraud
🔐 Credential Harvesting Forms
🎯 Kit Endpoints
- https://blog.aboutamazon.jp/?utm_source=gateway&utm_medium=footer
- /-/en/Hot-Wheels-Premium-Collector-Assortment/dp/B0DR3RC2SZ/?_encoding=UTF8&pd_rd_w=ASEjm&content-id=amzn1.sym.d1c332fd-1033-4e95-884b-c2ed08d3d8af&pf_rd_p=d1c332fd-1033-4e95-884b-c2ed08d3d8af&pf_rd_r=F3D36Q3S32GD06TK4B2N&pd_rd_wg=hl2Cm&pd_rd_r=126c1b42-4309-472f-a998-f63ea83e4620&ref_=pd_hp_d_btf_exports_top_sellers_unrec_jp
📡 API Calls Detected
- POST
- GET
📤 Form Action Targets
- /s/ref=nb_sb_noss
- get
Scan History for amz-web.52ritao.cn
Found 2 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.