SafeMode - Analysis: 97eds.luxemte.cc

Captura Visual

Información de Detección

https://97eds.luxemte.cc/mining/

Detected Brand

Binance

Country

International

Confianza

100%

HTTP Status

200

Report ID

a26e5d39-0ae…

Analyzed

2026-03-02 03:30

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11AA283387295567B31C795F2B7216B6D7298C24FC727DA88A3F8C28977DEC668C61300
CONTENT ssdeep	384:OCsq6hsVBChUqL2OHfvm4tTig+4/2m2VVUrvA+QFXhkVDHV:OtFmoHfvjsQjA+SXhktHV

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	fc3a6aa581e11f26
VISUAL aHash	8f0181ffffe2e2f0
VISUAL dHash	5f35159696568616
VISUAL wHash	8f0101ffe3e2e0f8
VISUAL colorHash	07006008000
VISUAL cropResistant	ffffdde9f1f9dfff,ffffdde9f1f9ddff,5f35159696568616

Análisis de Código

Risk Score 76/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Binance
• Método: Suplantación de identidad y urgencia
• Exfil: Probablemente roba credenciales de inicio de sesión y, posiblemente, información financiera.
• Indicadores: Dominio nuevo, saldo falso de BTC, cuenta regresiva e instrucciones para retirar fondos.
• Riesgo: ALTO

🔒 Obfuscation Detected

fromCharCode
unicode_escape

🎯 Kit Endpoints

loginer.php

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Age

Very recent domain is a major indicator of phishing.

Impersonation of Brand

The site mimics Binance's appearance to deceive users.

Suspicious Content

Claims of earned cryptocurrency and withdrawal urgency are typical of phishing.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

Binance users (International)

Método de Ataque

Brand impersonation + obfuscated JavaScript

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
6 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Binance

Official Website

https://www.binance.com/

Fake Service

Cloud Mining

Fraudulent Claims

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The site is attempting to trick users into entering their Binance login credentials, likely through a form or link to a fake login page. The promise of a large Bitcoin balance and the threat of account blocking creates a strong incentive.

Secondary Method: Social Engineering

The site uses social engineering tactics, such as creating a sense of urgency and offering a reward, to manipulate users into providing their sensitive information. The use of a countdown timer increases the pressure.