Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://flowingdi.top/
Detected Brand
Amazon
Country
Unknown
Confianza
100%
HTTP Status
200
Report ID
72fc7f8e-f99…
Analyzed
2026-06-09 11:14
Final URL (after redirects)
https://www.amazon.pl/POLHIM-Bawelniana-torba-noszenia-bawelny/dp/B0DFWSLFKB?ref_=Oct_d_otopr_d_26968876031_5&pd_rd_w=5IAJF&content-id=amzn1.sym.cea32484-ed0a-4ca1-ac5b-664c128eb2cd&pf_rd_p=cea32484-ed0a-4ca1-ac5b-664c128eb2cd&pf_rd_r=M8JVDE246C5EXBNWCA3Z&pd_rd_wg=w1KS0&pd_rd_r=854ba7dc-59c1-4c9a-ab3f-b9bac38d0b5f&pd_rd_i=B0DFWSLFKB
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19A948650F2E25833202F52D6E0B8671921D3F7ABD7420BC1E7B447B85BF6CA9781B658 |
|
CONTENT
ssdeep
|
6144:RJaKMWmAQYTzZ6BCo62HqnSMlcryHw4DDXzXnLFXrMFeSCLSTcJ2OsiJiVvgx:Y4DbLLBX9LSTcJ7x |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9e5641431e1f4757 |
|
VISUAL
aHash
|
00ff9f9f9fffdbff |
|
VISUAL
dHash
|
e82e2d3939233b33 |
|
VISUAL
wHash
|
008f8d9d9d8381ff |
|
VISUAL
colorHash
|
07006008000 |
|
VISUAL
cropResistant
|
c0c0e2eaeac2c0c0,3e2d393939233b73,c0e8f0e8c8064b43 |
Análisis de Código
Risk Score
100/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- atob
- eval
- fromCharCode
- unescape
- document.write
- hex_escape
- unicode_escape
- base64_strings
🎯 Kit Endpoints
- navigate:btf-sub-nav-desktop-customer-reviews
- navigate:btf-sub-nav-desktop-similar
- /?ref_=footer_logo
- navigate:btf-sub-nav-desktop-back-to-top
- navigate:btf-sub-nav-desktop-back-to-top-title
- https://blog.aboutamazon.pl/
- /ref=nav_logo
- navigate:btf-sub-nav-desktop-back-to-top-image
- navigate:btf-sub-nav-desktop-from-the-brand
📡 API Calls Detected
- /your-feedback-endpoint
- /dp/
- /cart/ewc/compact?hostPageType\x3dDetail\x26prerender\x3d0
- GET
- POST
📤 Form Action Targets
- /gp/product/handle-buy-box/ref=dp_start-bbf_1_glance
- javascript:void(0);
- /privacyprefs/retail/v3/banner
- /s/ref=nb_sb_noss
- get
📊 Desglose de Puntuación de Riesgo
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
Credential Harvesting
Credential harvesting detected with 8 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 2521 technique(s) to evade detection
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
Amazon users
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 2521 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Amazon
Official Website
https://www.amazon.com
Fake Service
Banking/payment service
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 2521 techniques to evade detection by security scanners and make reverse engineering more difficult.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
flowingdi.top
Registered
2026-04-10 16:11:24+00:00
Registrar
PDR Ltd
Estado
Active (59 days old)
Hosting Information
Provider
PDR Ltd
ASN
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.