
Visual Capture

No screenshot available

Detection Information

https://store.poweredstylegame.com/workshop/Brassbound-Fury/
Detected Brand
Steam
Country
International
Confidence
100%
HTTP Status
200
Report ID
639781a4-241…
Analyzed
2026-01-25 23:44

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1DD6343B1607652F34A8FF2E07272636E3193E34BF78617E1A5ECC3581AA4E95EE53014
CONTENT ssdeep
1536:cSIe1tgkwhnoT2OE0MIe1tgkw72V7nK+lt/f/7WlfzUkmaCk/M5CsqfXBvgP1R9Z:cC+NMu1

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
92656d321e9933ce
VISUAL aHash
00382c3c3c043c3c
VISUAL dHash
c948497969497961
VISUAL wHash
243c3c3c3c2c3e7e
VISUAL colorHash
08007000000
VISUAL cropResistant
c948497969497961

Code Analysis

Risk Score 100/100
Threat Level LOW
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: No immediate threat detected
• Target: Steam users
• Method: Legitimate Steam Workshop page
• Exfil: No data exfiltration detected
• Indicators: The domain does not match the official Steam domain; the content matches the expected design
• Risk: LOW - Legitimate content, no phishing detected

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • document.write
  • unicode_escape
  • base64_strings

🎯 Kit Endpoints

  • #login/home/?goto=sharedfiles%2Ffiledetails%2F%3Fid%3D3207697249
  • http://blog.counter-strike.net/workshop/
  • https://steamcommunity.com/sharedfiles/filedetails/changelog/3264253761
  • https://steamcommunity.com/workshop/browse/?browsesort=toprated&section=collections&appid=730&childpublishedfileid=3264253761

📡 API Calls Detected

  • POST
  • get

📤 Form Action Targets

  • https://steamcommunity.com/workshop/updatekvtags/

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, Card Stealer, and Banking kits with real-time form interception capabilities.
High Form Count
11 forms detected, indicating extensive data collection infrastructure.
Obfuscation Techniques
143 obfuscation techniques identified, suggesting advanced evasion tactics.
Brand Impersonation
Steam brand impersonation targeting users with fake workshop/service claims.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Steam users (International)
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 143 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Steam
Official Website
https://store.steampowered.com
Fake Service
Fake Steam Workshop item (Brassbound-Fury)

⚔️ Attack Methodology

Primary Method: SERVICE Credential Harvesting

The phishing kit harvests Steam credentials by presenting a fake login form that mimics the official Steam authentication process. Submitted credentials are intercepted in real-time and exfiltrated to attacker-controlled infrastructure.

Secondary Method: OTP Interception

The OTP Stealer component captures one-time passwords (OTPs) or two-factor authentication (2FA) codes entered by victims, enabling account takeover even with 2FA enabled.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
store.poweredstylegame.com
Registered
2026-01-20 17:55:21+00:00
Registrar
NICENIC INTERNATIONAL GROUP CO., LIMITED
Status
Recently registered (5 days old)

🦠 Malicious Files

Main File
File Size

Large JavaScript file with no extracted functions, likely obfuscated.

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
2,2 MB

🔗 API Endpoints Detected

Other
80
WebSocket (Real-time)
1

🔐 Obfuscation Detected

  • : None
  • : None
  • : Light
  • : Light
  • : Moderate
  • : None
  • : Light
  • : Light
  • : None
  • : Light
  • : Heavy
  • : Moderate
  • : Moderate

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Similar Websites

Pages with identical visual appearance (based on perceptual hash)
