Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://052585.cc
Detected Brand
K8 (Gambling Website)
Country
International
Confiança
100%
HTTP Status
200
Report ID
2d463f3e-860…
Analyzed
2026-02-17 06:52
Final URL (after redirects)
https://052585.cc/
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10831CE31C0C4CDFF0653C3E88B367B1BB2C68718D7136E0585EA47AE6A4AE66CD47885 |
|
CONTENT
ssdeep
|
24:tCcH4/u9tNG0lC9HXHJbqWHXHJaVN62MoxBZFUR/2/92DQAz6dT:lH6u9XG0lIbZaVN6eB0U6QAmdT |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c96636dde09c9c62 |
|
VISUAL
aHash
|
1000187e78181800 |
|
VISUAL
dHash
|
b4c4b2b2b23232cc |
|
VISUAL
wHash
|
5c6278fff8ba9800 |
|
VISUAL
colorHash
|
39c00010000 |
|
VISUAL
cropResistant
|
8cb6868e8ea626a6,b4c4b2b2b23232cc |
Análise de Código
Risk Score
77/100
Nível de Ameaça
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Usuários do site de apostas
• Método: Redirecionando usuários para um site malicioso
• Exfil: Potencialmente obtendo login do usuário, informações confidenciais.
• Indicadores: Idade do domínio, ofuscação, múltiplos pontos de entrada
• Risco: Alto
🔒 Obfuscation Detected
- eval
- unescape
- hex_escape
- unicode_escape
🎯 Kit Endpoints
- https://052585.cc/js/config.js?t=1771314684120
📡 API Calls Detected
- POST
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Domain Age
Relatively new domain is suspicious. Phishers use new domains to avoid detection.
Obfuscation
Obfuscated code makes the website harder to analyze, indicating malicious intent.
Phishing Tactics
Offers promotions and urgency.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Credential Harvesting Kit
Alvo
K8 (Gambling Website) users (International)
Método de Ataque
obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, Personal Info
- 51 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
K8凯发
Fake Service
Gambling and Betting
Fraudulent Claims
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The site likely aims to steal user credentials through a convincing login form, disguised to look like the real K8 website or a related service. Users are lured into inputting their details which are then stolen.
Secondary Method: Redirect to malicious site
The site redirects users to a malicious site that looks similar.
🌐 Indicadores de Compromisso de Infraestrutura
🦠 Malicious Files
Main File
config.js
File Size
📊 Diagrama de Fluxo de Ataque
User fills <input name='password'> → te() → fetch('https://052585.cc/js/config.js?t=1771314684120') → credentials sent
🔬 JavaScript Deep Analysis
Operator Language
English (1%)
Total Code Size
117,1 KB
🔗 API Endpoints Detected
Other
9
🔐 Obfuscation Detected
- : Light
- : None
- : None
- : Heavy
🤖 AI-Extracted Threat Intelligence
📊 Attack Flow
User fills <input name='password'> → te() → fetch('https://052585.cc/js/config.js?t=1771314684120') → credentials sent
🎯 Malicious Files Identified
Main Drainer
config.jsFile Size
estimated 45KB
Malicious Functions
tege
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.