SafeMode - Analysis: ai-strt-trezr-auth-sso.typedream.app

Captura Visual

Screenshot of ai-strt-trezr-auth-sso.typedream.app

Información de Detección

https://ai-strt-trezr-auth-sso.typedream.app

Detected Brand

Trezor

Country

International

Confianza

100%

HTTP Status

200

Report ID

b0e33911-e81…

Analyzed

2026-03-17 04:28

Final URL (after redirects)

https://ai-strt-trezr-auth-sso.typedream.app/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1DA730A996854601A472740E384BB2BC9F7391C2FF91816E1A4F4C7F5B3AC8F5316AB4B
CONTENT ssdeep	768:oyWuPWur2xCs/5y/NwSbZXjwql/u1HM9UDSfLLtiR1nT8n+j67X8Un6u4tGidQKQ:L8yOloQzZs8oWQbp

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	97555454411f7c7a
VISUAL aHash	00fe1f3fffbfbfff
VISUAL dHash	a860777670647424
VISUAL wHash	003e07079f1f16f7
VISUAL colorHash	07000000c00
VISUAL cropResistant	8c70767490647464,0000606171691c20,45453bc8c4e45945

Análisis de Código

Risk Score 79/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Trezor
• Método: Impersonación a través de un sitio web similar alojado en una plataforma sospechosa.
• Exfil: Potencialmente cosechando detalles de inicio de sesión de usuarios, frases semilla u otra información confidencial a través de JavaScript.
• Indicadores: Coincidencia de dominio, uso de alojamiento gratuito, ofuscación de JavaScript y envío de formularios.
• Riesgo: Alto

🔒 Obfuscation Detected

fromCharCode
unescape
unicode_escape

📡 API Calls Detected

GET
https://typedream.com/forms?utm_source=form-thank-you-page:
POST

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Suspicious Domain

The domain does not match the official Trezor domain and is hosted on a free platform.

JavaScript Obfuscation

Presence of obfuscated JavaScript code suggests attempts to hide malicious activities, such as credential harvesting.

Brand Impersonation

The website attempts to mimic the appearance of the Trezor website to deceive users.

Free Hosting

Hosting on a free platform like Typedream is a common tactic used by phishers.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

Trezor users (International)

Método de Ataque

Brand impersonation + obfuscated JavaScript

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Personal Info
695 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Trezor

Official Website

https://trezor.io/

Fake Service

Trezor Website

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker likely aims to steal user credentials by mimicking the legitimate Trezor website. Users are tricked into entering their login details or seed phrases.