EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of defidappsrestore.firebaseapp.com

Información de Detección

https://defidappsrestore.firebaseapp.com/
Detected Brand
Defi Restore
Country
International
Confianza
100%
HTTP Status
200
Report ID
5dc70b07-424…
Analyzed
2026-02-26 00:39

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T16AD2107300C699FB04E3A3D05271172AA2A673A1FE5B434797F84B4E5E97F65CC26832
CONTENT ssdeep
192:AD4XchE1+GABXELib+brmVvqq7tqW5BMB8x6PacLlOojQdkQk6N8mxnpSVIPv:S4XQEcNBXELiy/Y+nPacLohb5npF

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9965339ccc336ccc
VISUAL aHash
180000183c3c3c18
VISUAL dHash
3070507070717933
VISUAL wHash
1800183c3c3efffb
VISUAL colorHash
38002000180
VISUAL cropResistant
3070507070717933

Análisis de Código

Risk Score 85/100
Nivel de Amenaza ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info
🔥 Firebase Backend

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Defi Restore
• Método: Suplantación de identidad y posible recopilación de credenciales
• Exfil: Potencialmente credenciales de usuario, datos de billetera u otra información sensible.
• Indicadores: Alojamiento gratuito, ofuscación.
• Riesgo: Alto

🔒 Obfuscation Detected

  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • POST
  • GET

☁️ Cloud Backend

  • Firebase: defidappsrestore.firebaseapp.com

📊 Desglose de Puntuación de Riesgo

Total Risk Score
95/100

Contributing Factors

Free Hosting
The site is hosted on a free hosting provider, indicating a high risk of malicious intent.
Obfuscation
Obfuscation detected in the Javascript, which suggests an attempt to hide malicious code.
Impersonation
The site claims to be related to DeFi Restore.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
Defi Restore users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Firebase Database
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Firebase Database

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 25 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Defi Restore
Fake Service
Defi Restore services.

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting/Wallet Theft

The site likely attempts to steal user credentials or wallet data by imitating the Defi Restore service.

Secondary Method: Malicious Javascript

Javascript obfuscation suggest it may contain malicious scripts such as keyloggers or information exfiltration.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
defidappsrestore.firebaseapp.com
Registered
Unknown
Registrar
Google LLC
Estado
ACTIVE

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

No screenshot
Desconocido
https://defidappsrestore.web.app/
Feb 26, 2026
 Screenshot
DeFi
http://defidappsrestore.web.app
Ene 14, 2026
No screenshot
DEFI RESTORE
https://defidappsrestore.web.app/
Dic 31, 2025
No screenshot
Desconocido
https://defidappsrestore.firebaseapp.com/
Dic 31, 2025

Scan History for defidappsrestore.firebaseapp.com

Found 1 other scan for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.