SafeMode - Analysis: orvion-grid.net

EN ES PT

Back to Stats

Visual Capture

Detection Info

https://orvion-grid.net/

Detected Brand

TraderApp

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

38e804b4-ad7…

Analyzed

2026-06-25 11:14

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T101C2B5B065D2CE3755A390D4EFBAA72B32D58348C443434E56FE432C4BD9D8ADE2A648
CONTENT ssdeep	768:QfL1+G8RGnbKGHmoW0nE381vRsrvrUpsy:QfLkmmoWkEYvGrTWZ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	e51e9e311e6c711a
VISUAL aHash	00ffc3c3c3c3e3ff
VISUAL dHash	8e9c8686969e869e
VISUAL wHash	00dfc3c3c3c3c3c7
VISUAL colorHash	06600008001
VISUAL cropResistant	9e9686869e96869e,0000000000000000,73e1e1e0c16d6df1,fc35343c3cf94a06

Code Analysis

Risk Score 85/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔒 Obfuscation Detected

unescape
document.write
hex_escape
js_packer
base64_strings

📡 API Calls Detected

POST

📊 Risk Score Breakdown

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected kit types: Credential Harvester, OTP Stealer, Banking, Personal Info

Credential Harvesting

Credential harvesting detected with 1 form(s) capturing sensitive data

Code Obfuscation

JavaScript code obfuscated using 6321 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

TraderApp users

Attack Method

credential harvesting forms + obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
6321 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

TraderApp

Official Website

N/A

Fake Service

Banking/payment service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 6321 techniques to evade detection by security scanners and make reverse engineering more difficult.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

orvion-grid.net

Registered

2026-03-15 14:38:21+00:00

Registrar

PDR Ltd. d/b/a PublicDomainRegistry.com

Status

Active (101 days old)

Hosting Information

Provider

PDR Ltd. d/b/a PublicDomainRegistry.com

ASN

🤖 AI-Extracted Threat Intelligence

😰

"I Never Thought It Would Happen to Me"

That's what 2.3 million victims say every year. Don't wait to become a statistic.