Visual Capture

No screenshot available

Detection Information

https://q-r.to/bgaEf4
Detected Brand
Unknown
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
b6c2fee4-185…
Analyzed
2026-01-26 12:46

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T13A2255B1A540993B129386D4BA72AB0F73A44788CF432B11B7F8539E1EC6CA5DD5B091
CONTENT ssdeep
96:n4duiE66x5h+J7ffPrxzSqywMQxRnMRH4R7+M/BOIkJ/BOIxx6/BOIxONhb5qDs9:1unrJUGfafGfUP5lx3gLiwqgw

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b70f8c0f370e8c0f
VISUAL aHash
1fffffe7e7ffffff
VISUAL dHash
6000000808000000
VISUAL wHash
00ffdfc7243c3030
VISUAL colorHash
070000001c0
VISUAL cropResistant
6000000808000000

Code Analysis

Risk Score 71/100
🎣 Credential Harvester 🎣 Personal Info

🔒 Obfuscation Detected

  • eval
  • fromCharCode

📡 API Calls Detected

  • POST
  • //

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and Personal Info kit types, indicating a high likelihood of credential and sensitive data harvesting.
High Obfuscation
36 obfuscation techniques detected, significantly increasing the difficulty of analysis and indicating malicious intent.
Suspicious JavaScript Files
Presence of JavaScript files (photoswipe.min.js, photoswipe-ui-default.min.js) with potential for malicious functionality, despite no immediate indicators of abuse.
Lack of Transparency
No identifiable IPs, nameservers, or clear language strings, complicating attribution and increasing risk of anonymized malicious activity.

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
General public
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
HIGH - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Personal Info
  • 36 obfuscation techniques

🏢 Brand Impersonation Analysis

Fake Service
Unknown (No specific brand or service impersonation detected)

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit is designed to capture user credentials by presenting a fake login interface or form. The harvested data is likely transmitted to a remote server controlled by the attacker for further exploitation, such as account takeover or identity theft.

Secondary Method: Personal Information Theft

In addition to credentials, the kit may collect personal information such as names, addresses, or phone numbers. This data can be used for further social engineering attacks, identity fraud, or sold on underground markets.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
q-r.to
Registered
2012-01-31 21:22:21+00:00
Registrar
Government of Kingdom of Tonga
Status
Active (5108 days old)

🦠 Malicious Files

Main File
File Size

JavaScript file with no immediately detectable malicious functions but high obfuscation levels.

📊 Attack Flow Diagram

Generic attack flow diagram for the Banking phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. TARGET RECEIVES DECEPTIVE MESSAGE                     │
│    - Victim directed to fake Banking site                │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE SITE DISPLAYS CREDENTIAL FORM                    │
│    - Mimics legitimate Banking interface                 │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. VICTIM ENTERS CREDENTIALS                             │
│    - User submits login information                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. CREDENTIALS COLLECTED                                 │
│    - Form data captured by attacker                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 5. DATA TRANSMITTED                                      │
│    - Credentials sent via HTTP POST                      │
└──────────────────────────────────────────────────────────┘
```

🔬 JavaScript Deep Analysis

Total Code Size
40,8 KB

🔗 API Endpoints Detected

Other
5

🔐 Obfuscation Detected

  • : Light
  • : None

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified
