
Visual Capture

Screenshot of sparkasseinvest.de

Detection Information

https://sparkasseinvest.de/
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
97c1809f-a57…
Analyzed
2026-02-23 16:57

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T162E2D9329019683F069BB3D0A771B32A738683DED583171A42FDC71E5BDBE90DD1A4A4
CONTENT ssdeep
384:FeaJzYbII14iIIIII9hYV5y/HC2l2g6PkCrGCyLElqQPfWpW:gaJ8bIIhIIIIIu5y/HCdg6PrrZTqQnx

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
86e3711c9c397396
VISUAL aHash
00e1f7ff7f181818
VISUAL dHash
8fcfcbf3e5f1f0f0
VISUAL wHash
00f1ffdf7f181810
VISUAL colorHash
19038000000
VISUAL cropResistant
f363d3cadd988c8c,0002c8fcd4440000,8fcfcbf3e5f1f0f0

Code Analysis

Risk Score 68/100
Threat Level HIGH
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer

🔬 Threat Analysis Report

• Threat: Phishing
• Target: People interested in cryptocurrency trading
• Method: Impersonation and attractive offers.
• Exfil: Potentially personal and financial information entered in the form.
• Indicators: Claims of high profits, registration form.
• Risk: High

🔒 Obfuscation Detected

  • unicode_escape

📡 API Calls Detected

  • /api/sms-verification-status
  • POST
  • /api/sms/send
  • /api/leads
  • /api/leads/
  • /api/sms/verify

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Active Phishing Kit
The website exhibits several characteristics associated with active phishing campaigns. Specifically, the site has a registration form that collects personal information for fraud. The promise of extreme returns is also characteristic of this type of attack.
High Profit Claims
The website promises extremely high returns, which is a very strong indicator of phishing.
Unusual Domain and Brand Name
The domain name does not match the known brand and uses a German TLD.

🔬 Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
General public
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer
  • 41 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Sparkasse Invest (Crypto Trading Platform)
Fake Service
Crypto Trading

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker aims to steal user credentials (name, email, phone number) by having the user enter them into a fake registration form. The site is related to crypto, so the end goal could also be draining crypto wallets. JavaScript obfuscation was also detected.

Secondary Method: Malware distribution

There is a possibility of injecting malware after registration.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
sparkasseinvest.de
Registered
Unknown
Registrar
Unknown
Status
Unknown

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)
