Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://wollohmsirp.fun/s6990-bwd68lh
Detected Brand
Mothership / DBS / PayLah!
Country
Unknown
Confianza
100%
HTTP Status
200
Report ID
8eb55d97-133…
Analyzed
2026-06-30 06:39
Final URL (after redirects)
https://wollohmsirp.fun/s6990-bwd68lh/
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10C42D8BFD142136B5DB046C1F5072BAF67A955CD72466A44BDEBC36C4E49C2BC0728E0 |
|
CONTENT
ssdeep
|
384:yCZ06siPOqLvsib/siPsiVwsi/siiJHsigMsiPdosi7siM3A:siPDYiYiUiV9iEiMMigpiPrigid |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e19a4e66314e1e79 |
|
VISUAL
aHash
|
00ffffe3c3c3c3c3 |
|
VISUAL
dHash
|
e89c9c9e9e8e8e96 |
|
VISUAL
wHash
|
00dfc7c3c3c3c3c3 |
|
VISUAL
colorHash
|
06200030000 |
|
VISUAL
cropResistant
|
b09c949e9e8e8696,c2d2f3b3e7c6c4c9,62fde6c2c0ecd4fc,000024e8e8e86410,289cdd8d8c99b88a |
Análisis de Código
Risk Score
85/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔒 Obfuscation Detected
- eval
- fromCharCode
- unescape
- unicode_escape
- base64_strings
🎯 Kit Endpoints
- https://free188pp-olymp-jaychou-v2.spd666.online/sge/?country=SG&lang=en&affcampaign=LHDBWD&aff=AFFQQXTCJ&dialog=KNTCI&clickid=wmionunrhl0mk8gjjeiomrma&ip=207.244.255.96&useragent=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F131.0.0.0%20Safari%2F537.36&brand=spade66&vtm=1782808752730
📡 API Calls Detected
- POST
- GET
📊 Desglose de Puntuación de Riesgo
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
Code Obfuscation
JavaScript code obfuscated using 190 technique(s) to evade detection
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
Mothership / DBS / PayLah! users
Método de Ataque
obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
- 190 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Mothership / DBS / PayLah!
Official Website
N/A
Fake Service
Banking/payment service
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 190 techniques to evade detection by security scanners and make reverse engineering more difficult.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
wollohmsirp.fun
Registered
2026-06-21 07:41:33.288000+00:00
Registrar
GoDaddy.com, LLC
Estado
Recently registered (9 days old)
Hosting Information
Provider
GoDaddy
ASN
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for wollohmsirp.fun
Found 1 other scan for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.