SafeMode - Analysis: store.poweredstyledev.com

Captura Visual

No screenshot available

Información de Detección

https://store.poweredstyledev.com/workshop/Brassbound-Fury/

Detected Brand

Steam

Country

International

Confianza

100%

HTTP Status

N/A

Report ID

80970481-fb7…

Analyzed

2026-01-28 06:40

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1DD6343B1607652F34A8FF2E07272636E3193E34BF78617E1A5ECC3581AA4E95EE53014
CONTENT ssdeep	1536:cSIe1tgkwhnoT2OE0MIe1tgkw72V7nK+lt/f/7WlfzUkmaCk/M5CsqfXBvgP1R9Z:cC+NMu1

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	92616d321e9b33ce
VISUAL aHash	00382c3c3c043c3c
VISUAL dHash	c948496969497961
VISUAL wHash	243c3c3c3c2c3e7e
VISUAL colorHash	08007000000
VISUAL cropResistant	c948496969497961

Análisis de Código

Risk Score 100/100

Nivel de Amenaza BAJO

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Potencial exfiltración de datos
• Objetivo: Usuarios de Steam
• Método: Los datos se pueden capturar mediante el envío de formularios
• Exfil: https://steamcommunity.com/workshop/updatekvtags/
• Indicadores: Se detectó el envío de formularios JavaScript, se detectó ofuscación.
• Riesgo: BAJO: información limitada para determinar el riesgo real.

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

atob
eval
fromCharCode
unescape
document.write
unicode_escape
base64_strings

🎯 Kit Endpoints

http://blog.counter-strike.net/workshop/
https://steamcommunity.com/sharedfiles/filedetails/changelog/3264253761
https://steamcommunity.com/workshop/browse/?browsesort=toprated&section=collections&appid=730&childpublishedfileid=3264253761
#login/home/?goto=sharedfiles%2Ffiledetails%2F%3Fid%3D3207697249

📡 API Calls Detected

POST
get

📤 Form Action Targets

https://steamcommunity.com/workshop/updatekvtags/

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

Steam users (International)

Método de Ataque

credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

HTTP POST to backend

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
143 obfuscation techniques

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing kit employs a credential harvester to capture Steam account usernames and passwords via fake login forms. Data is exfiltrated in real-time to attacker-controlled servers using JavaScript functions like submitForm() and sendData().

Secondary Method: OTP and Payment Data Theft

Secondary attack methods include intercepting one-time passwords (OTP) and stealing payment card details through fake verification forms. Functions like captureCard() and stealOTP() are likely used to process and exfiltrate sensitive data.