SafeMode - Analysis: zackonbags.fun

Captura Visual

Información de Detección

http://zackonbags.fun

Detected Brand

ZACK

Country

International

Confianza

100%

HTTP Status

200

Report ID

c6b78cf3-c4e…

Analyzed

2026-01-26 01:33

Final URL (after redirects)

https://zackonbags.fun/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1F6C296B02264103BA11B96DB6F26277936FBB1FDD8BB1154D7FD0A90ABE5C88F813045
CONTENT ssdeep	384:HWtqY+SAakFsiyteAG4UOOeAG4UOJWAU74CyZwQwq/V7/2o1RYXFFFCY01aVGux3:oAa4sko/y2Qwc7/2eRYXd0TYwKyhh0

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	92922d6de99296e3
VISUAL aHash	03646c6c4000407e
VISUAL dHash	968dcd8d926cd4d4
VISUAL wHash	4f447c7e60007e7e
VISUAL colorHash	38407000000
VISUAL cropResistant	e8d8b2eccda2e6e8,968dcd8d926cd4d4

Análisis de Código

Risk Score 88/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Estafa de phishing de criptomonedas
• Objetivo: Enthusiastas y inversores de criptomonedas
• Método: Promoción falsa de airdrop para robar datos de usuario
• Exfil: Posible exfiltración de datos a través de scripts ofuscados
• Indicadores: Dominio no coincidente, tácticas de urgencia, dominio reciente
• Riesgo: ALTO - Posibilidad de robo de datos y pérdida financiera

🔒 Obfuscation Detected

atob
base64_strings

📡 API Calls Detected

https://lite-api.jup.ag/tokens/v2/search?query=
POST

📊 Desglose de Puntuación de Riesgo

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester, OTP Stealer, and Banking kits with real-time interception capabilities.

High Obfuscation

21 obfuscation techniques detected, indicating deliberate evasion of analysis and detection.

Crypto Reward Scam

Explicit use of 'free crypto rewards' as a lure to trick victims into connecting wallets.

Urgency Tactics

Use of 'Hurry up!' to pressure victims into immediate action without scrutiny.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

ZACK users (International)

Método de Ataque

Brand impersonation + obfuscated JavaScript

Canal de Exfiltración

Unknown

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
21 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

ZACK

Official Website

https://www.zack.com

Fake Service

Free crypto rewards

Fraudulent Claims

⚔️ Metodología de Ataque

Primary Method: CRYPTO Wallet Connection

The phishing site prompts users to connect their cryptocurrency wallets (e.g., MetaMask, Phantom) using buttons labeled 'Connect Wallet'. Once connected, the site likely requests token approvals or private key access to drain funds.

Secondary Method: Credential Harvesting

While no forms are visible, the presence of a Credential Harvester kit suggests hidden or dynamically loaded fields to capture login credentials or OTPs for account takeover.