Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://052585.cc
Detected Brand
K8 (Gambling Website)
Country
International
Confianza
100%
HTTP Status
200
Report ID
2d463f3e-860…
Analyzed
2026-02-17 06:52
Final URL (after redirects)
https://052585.cc/
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10831CE31C0C4CDFF0653C3E88B367B1BB2C68718D7136E0585EA47AE6A4AE66CD47885 |
|
CONTENT
ssdeep
|
24:tCcH4/u9tNG0lC9HXHJbqWHXHJaVN62MoxBZFUR/2/92DQAz6dT:lH6u9XG0lIbZaVN6eB0U6QAmdT |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c96636dde09c9c62 |
|
VISUAL
aHash
|
1000187e78181800 |
|
VISUAL
dHash
|
b4c4b2b2b23232cc |
|
VISUAL
wHash
|
5c6278fff8ba9800 |
|
VISUAL
colorHash
|
39c00010000 |
|
VISUAL
cropResistant
|
8cb6868e8ea626a6,b4c4b2b2b23232cc |
Análisis de Código
Risk Score
77/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios del sitio web de apuestas
• Método: Redirigir a los usuarios a un sitio malicioso
• Exfil: Potencialmente obtener el inicio de sesión del usuario, información confidencial.
• Indicadores: Edad del dominio, ofuscación, múltiples puntos de entrada
• Riesgo: Alto
🔒 Obfuscation Detected
- eval
- unescape
- hex_escape
- unicode_escape
🎯 Kit Endpoints
- https://052585.cc/js/config.js?t=1771314684120
📡 API Calls Detected
- POST
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Age
Relatively new domain is suspicious. Phishers use new domains to avoid detection.
Obfuscation
Obfuscated code makes the website harder to analyze, indicating malicious intent.
Phishing Tactics
Offers promotions and urgency.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Credential Harvesting Kit
Objetivo
K8 (Gambling Website) users (International)
Método de Ataque
obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 51 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
K8凯发
Fake Service
Gambling and Betting
Fraudulent Claims
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The site likely aims to steal user credentials through a convincing login form, disguised to look like the real K8 website or a related service. Users are lured into inputting their details which are then stolen.
Secondary Method: Redirect to malicious site
The site redirects users to a malicious site that looks similar.
🌐 Indicadores de Compromiso de Infraestructura
🦠 Malicious Files
Main File
config.js
File Size
📊 Diagrama de Flujo de Ataque
User fills <input name='password'> → te() → fetch('https://052585.cc/js/config.js?t=1771314684120') → credentials sent
🔬 JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
117,1 KB
🔗 API Endpoints Detected
Other
9
🔐 Obfuscation Detected
- : Light
- : None
- : None
- : Heavy
🤖 AI-Extracted Threat Intelligence
📊 Attack Flow
User fills <input name='password'> → te() → fetch('https://052585.cc/js/config.js?t=1771314684120') → credentials sent
🎯 Malicious Files Identified
Main Drainer
config.jsFile Size
estimated 45KB
Malicious Functions
tege
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.