EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

No screenshot available

Detection Info

https://mailtrest.help/wtod63zq
Detected Brand
Unknown
Country
International
Confidence
95%
HTTP Status
200
Report ID
49d2602b-31eā€¦
Analyzed
2026-02-13 01:09

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1C3012031608C28391BDFC0C60570639F7BD6C9168B2F269536FF43EC99E8A8CCC56181
CONTENT ssdeep
12:nwM2XMx2Nw6gZhiSn/p3AkewzAhsCH/dF/ju7NQl:n/EoZhh3AHsCH/dF/ju7Nc

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cc99336666999966
VISUAL aHash
0000181818181800
VISUAL dHash
043032323232320c
VISUAL wHash
003c3c3c3c3c3c00
VISUAL colorHash
30007000000
VISUAL cropResistant
043032323232320c

Code Analysis

Risk Score 56/100
Threat Level ALTO
āš ļø Phishing Confirmed
šŸŽ£ OTP Stealer

šŸ”¬ Threat Analysis Report

ā€¢ Threat: Phishing attempt
ā€¢ Target: Unspecified
ā€¢ Method: Impersonation via a security check
ā€¢ Exfil: Unknown
ā€¢ Indicators: New domain, generic wording, loading animation
ā€¢ Risk: High

šŸ”’ Obfuscation Detected

  • atob
  • base64_strings

šŸ“” API Calls Detected

  • POST

šŸ“Š Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Recent Domain
Domain is very new (2 days old).
Suspicious Content
Generic 'Security Verification' message with a loading animation, without any brand association, is a classic phishing pattern.

šŸ”¬ Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
General public
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
MEDIUM - Automated credential harvesting with Unknown

āš ļø Indicators of Compromise

  • Kit types: OTP Stealer
  • 2 obfuscation techniques

šŸ¢ Brand Impersonation Analysis

Impersonated Brand
Unknown
Fake Service
Generic security check.

Fraudulent Claims

āš”ļø Attack Methodology

Primary Method: Credential Harvesting

The site likely aims to trick the user into entering their credentials on a fake login form after this loading sequence.

Secondary Method: Redirection to a phishing site

After the loading animation completes, the site might redirect to a fake login page of a popular service.

šŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
mailtrest.help
Registered
2024-02-13
Registrar
Unknown
Status
Active

šŸ¤– AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/d66ee2776a46.png
Apr 07, 2026

Scan History for mailtrest.help

Found 1 other scan for this domain

šŸ˜°
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.