
Visual Capture

No screenshot available

Detection Information

https://qrco.de/bgZUNV
Detected Brand
Microsoft
Country
Unknown
Confidence
95%
HTTP Status
200
Report ID
e93c8eec-513…
Analyzed
2026-01-26 08:49

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm: Hash Value
CONTENT TLSH: T1681255B195809D3B129786E4AA71AB0F77E44788CF432B11BAF853DE1FC6CA5DC4B091
CONTENT ssdeep: 96:n4duiEpxl+JQfPrxzoqiwMQZBRnMRH4RJu/wJ/Fx6/lO4IhbP1hDss8Mcr8QbHA+:1vnr15ZkhOSw4KNKsfcrvbWfLiwqgw

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm: Hash Value
VISUAL pHash: a70f8d0f27078d0f
VISUAL aHash: 3fffffe7e7ffffff
VISUAL dHash: 6008000808000800
VISUAL wHash: 00ffffe720383030
VISUAL colorHash: 07001019040
VISUAL cropResistant: 6008000808000800

Code Analysis

Risk Score 71/100
Threat Level HIGH
🎣 Credential Harvester 🎣 Personal Info

🔒 Obfuscation Detected

  • eval
  • fromCharCode

📡 API Calls Detected

  • POST
  • //

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester and Personal Info kit types, indicating a high likelihood of credential and sensitive data harvesting.
Obfuscation Techniques
36 obfuscation techniques detected, significantly increasing the difficulty of analysis and indicating malicious intent.
Suspicious JavaScript Files
Presence of JavaScript files (photoswipe.min.js, photoswipe-ui-default.min.js) with potential for malicious functionality, despite no immediate indicators of abuse.
Lack of Transparency
No identifiable brand, language, or clear attack vector, increasing the likelihood of a sophisticated or targeted phishing attempt.

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
General public
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
HIGH - Automated credential harvesting; exfiltration channel unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Personal Info
  • 36 obfuscation techniques

🏢 Brand Impersonation Analysis

Fake Service
Unknown (No specific service or brand impersonation detected)

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit is designed to capture user credentials through deceptive input forms or fake login prompts. The harvested credentials are likely transmitted to a remote server controlled by the attacker for further exploitation, such as account takeover or identity theft.

Secondary Method: Personal Information Theft

In addition to credentials, the kit targets personal information such as names, addresses, and contact details. This data can be used for identity fraud, phishing, or sold on underground markets.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
qrco.de
Registered
Unknown
Registrar
Unknown
Status
Active (age unknown)

🦠 Malicious Files

Main File
File Size

JavaScript file with no immediately detectable malicious functions but included in a high-risk phishing kit.

📊 Attack Flow Diagram

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT                                       │
│    - Victim receives phishing message                    │
│    - Message contains link to fake Banking site          │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE SITE ACCESS                                      │
│    - Victim visits fraudulent Banking page               │
│    - Page mimics legitimate login interface              │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL SUBMISSION                                 │
│    - Victim enters Banking credentials                   │
│    - Form appears identical to legitimate site           │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA CAPTURE                                          │
│    - Credentials collected by attacker                   │
│    - Data prepared for exfiltration                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 5. EXFILTRATION                                          │
│    - Credentials sent via HTTP POST                      │
│    - Standard form submission to attacker-controlled     │
│      destination                                         │
└──────────────────────────────────────────────────────────┘
```

🔬 JavaScript Deep Analysis

Total Code Size
40.8 KB

🔗 API Endpoints Detected

Other
5

🔐 Obfuscation Detected

  • : Light
  • : None

🤖 AI-Extracted Threat Intelligence


🎯 Malicious Files Identified
