Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
No screenshot available
Información de Detección
https://q-r.to/bgaEf4
Detected Brand
Unknown
Country
Unknown
Confianza
100%
HTTP Status
200
Report ID
b6c2fee4-185…
Analyzed
2026-01-26 12:46
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13A2255B1A540993B129386D4BA72AB0F73A44788CF432B11B7F8539E1EC6CA5DD5B091 |
|
CONTENT
ssdeep
|
96:n4duiE66x5h+J7ffPrxzSqywMQxRnMRH4R7+M/BOIkJ/BOIxx6/BOIxONhb5qDs9:1unrJUGfafGfUP5lx3gLiwqgw |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b70f8c0f370e8c0f |
|
VISUAL
aHash
|
1fffffe7e7ffffff |
|
VISUAL
dHash
|
6000000808000000 |
|
VISUAL
wHash
|
00ffdfc7243c3030 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
6000000808000000 |
Análisis de Código
Risk Score
71/100
🎣 Credential Harvester
🎣 Personal Info
🔒 Obfuscation Detected
- eval
- fromCharCode
📡 API Calls Detected
- POST
- //
📊 Desglose de Puntuación de Riesgo
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected Credential Harvester and Personal Info kit types, indicating a high likelihood of credential and sensitive data harvesting.
High Obfuscation
36 obfuscation techniques detected, significantly increasing the difficulty of analysis and indicating malicious intent.
Suspicious JavaScript Files
Presence of JavaScript files (photoswipe.min.js, photoswipe-ui-default.min.js) with potential for malicious functionality, despite no immediate indicators of abuse.
Lack of Transparency
No identifiable IPs, nameservers, or clear language strings, complicating attribution and increasing risk of anonymized malicious activity.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Credential Harvesting Kit
Objetivo
General public
Método de Ataque
obfuscated JavaScript
Canal de Exfiltración
Unknown
Evaluación de Riesgo
HIGH - Automated credential harvesting with Unknown
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 36 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Fake Service
Unknown (No specific brand or service impersonation detected)
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The phishing kit is designed to capture user credentials by presenting a fake login interface or form. The harvested data is likely transmitted to a remote server controlled by the attacker for further exploitation, such as account takeover or identity theft.
Secondary Method: Personal Information Theft
In addition to credentials, the kit may collect personal information such as names, addresses, or phone numbers. This data can be used for further social engineering attacks, identity fraud, or sold on underground markets.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
q-r.to
Registered
2012-01-31 21:22:21+00:00
Registrar
Government of Kingdom of Tonga
Estado
Active (5108 days old)
🦠 Malicious Files
Main File
File Size
JavaScript file with no immediately detectable malicious functions but high obfuscation levels.
📊 Diagrama de Flujo de Ataque
Here's a generic ASCII art attack flow diagram for the Banking phishing attack:
```
┌──────────────────────────────────────────────────────────┐
│ 1. TARGET RECEIVES DECEPTIVE MESSAGE │
│ - Victim directed to fake Banking site │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE SITE DISPLAYS CREDENTIAL FORM │
│ - Mimics legitimate Banking interface │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 3. VICTIM ENTERS CREDENTIALS │
│ - User submits login information │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 4. CREDENTIALS COLLECTED │
│ - Form data captured by attacker │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 5. DATA TRANSMITTED │
│ - Credentials sent via HTTP POST │
└──────────────────────────────────────────────────────────┘
```
🔬 JavaScript Deep Analysis
Total Code Size
40,8 KB
🔗 API Endpoints Detected
Other
5
🔐 Obfuscation Detected
- : Light
- : None
🤖 AI-Extracted Threat Intelligence
📊 Attack Flow
Here's a generic ASCII art attack flow diagram for the Banking phishing attack:
```
┌──────────────────────────────────────────────────────────┐
│ 1. TARGET RECEIVES DECEPTIVE MESSAGE │
│ - Victim directed to fake Banking site │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE SITE DISPLAYS CREDENTIAL FORM │
│ - Mimics legitimate Banking interface │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 3. VICTIM ENTERS CREDENTIALS │
│ - User submits login information │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 4. CREDENTIALS COLLECTED │
│ - Form data captured by attacker │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 5. DATA TRANSMITTED │
│ - Credentials sent via HTTP POST │
└──────────────────────────────────────────────────────────┘
```
🎯 Malicious Files Identified
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for q-r.to
Found 10 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.