SafeMode - Analysis: lyqz365.com

Captura Visual

Informações de Detecção

https://lyqz365.com/

Detected Brand

TokenPocket

Country

International

Confiança

95%

HTTP Status

200

Report ID

61e6b1d3-a7f…

Analyzed

2026-06-02 10:36

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T13B32D7799146EEBA02D293EF5F39337FB26489D1CC570A85A6E0C74C8ED4D4DDC408AA
CONTENT ssdeep	192:m+k2n4Cse8rfqA+faeE2UeE2tyDolg8XiEus:mtFCsHrfAfaL2U32oolg8os

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b83f27474948475d
VISUAL aHash	008fdfdfffffdfff
VISUAL dHash	33383c3030ec3c38
VISUAL wHash	00078f8fdf078f47
VISUAL colorHash	07000e00000
VISUAL cropResistant	33383c3030ec3c38,000340cbcb000313

Análise de Código

Risk Score 53/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Ameaça: Phishing/Representação de Carteira Cripto
• Alvo: Usuários do TokenPocket
• Método: Promoção de download de software malicioso
• Exfil: Desconhecido (provável payload de malware)
• Indicadores: Domínio não oficial, clonagem de marca
• Risco: Alto

🔒 Obfuscation Detected

document.write

🎯 Kit Endpoints

www.lyqz365.com/blog

📊 Detalhamento da Pontuação de Risco

Total Risk Score

95/100

Contributing Factors

Domain Impersonation

Uses unrelated domain to pose as known crypto brand

Technical Obfuscation

Detection of document.write obfuscation

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Harvesting Kit

Alvo

TokenPocket users (International)

Método de Ataque

Brand impersonation + obfuscated JavaScript

Canal de Exfiltração

Form submission (backend endpoint not detected - likely JavaScript-based)

Avaliação de Risco

MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester
1 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

TokenPocket

Official Website

https://www.tokenpocket.pro/

Fake Service

Crypto Wallet Download

Fraudulent Claims

⚔️ Metodologia de Ataque

Primary Method: Malware Distribution

Prompts users to download a fake crypto wallet client which may contain backdoors.

Secondary Method: Brand Impersonation

Uses legitimate brand assets to build trust.

Target Blockchain

Multiple

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio

lyqz365.com

Registered

2025-09-09

Registrar

Unknown

Estado

Active

Phishing Analysis