Phishing Analysis
Detailed analysis of captured phishing page
95
Risk Score
High Risk
Threat Level: ALTO
• Impersonating: SitesGPT
⚠ Risk Factors
- Brand impersonation of SitesGPT on non-official domain
- Contains 1 form(s) with JavaScript submission
- JavaScript obfuscation detected (6 patterns)
- Credential harvesting indicators detected
- OTP/2FA stealing indicators detected
Visual Capture
Detection Info
https://go.eu.sparkpostmail1.com/f/a/bsS6sLp332MV1v661N7hPg~~/AAQ58BA~/VVDvv4ywDWgkgxGx5kpVd-Qsa2sM1Inuqwvc49yWjNMnyc8aw_S6VTZ0Y-3N4elkSGCnl6DN5ymMEwzuRyI7SGHZNVXGoyJndtWDsTCl4w6WTrLclOdQWwZwTpGJqQ0Y
Detected Brand
SitesGPT
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
8f1dc9e3-1b6…
Analyzed
2026-01-08 02:57
Final URL (after redirects)
https://www.sitesgpt.com/?Kq8G1GboS3ZkubrL
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CE33C939F10C552A56238B89FBA1BF58B19B7145C35908A8E2FA87AC13F5EC0E711C9D |
|
CONTENT
ssdeep
|
768:PkJ6VFbrZTrWd5ZH8maU3ZZZZTZZZZeZZZZjZZZZRZZZZJZZZZevpGZ:p3/NlKpC |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c73afc22c33298e5 |
|
VISUAL
aHash
|
000000257800e3ff |
|
VISUAL
dHash
|
dcdbcccdc97d8600 |
|
VISUAL
wHash
|
0201203d7d27e7ff |
|
VISUAL
colorHash
|
31007000080 |
|
VISUAL
cropResistant
|
e9008018184000e2,0010066969200000,8f8e462612000804,d4dbcecdc97d8e02 |
Code Analysis
Risk Score
95/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Banking
🎣 Personal Info
🔒 Obfuscation Detected
- atob
- eval
- fromCharCode
- unescape
- unicode_escape
- base64_strings
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
