Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
http://web3orbit.com.backedbyweb3quantumledger.com
Detected Brand
Unknown
Country
International
Confiança
100%
HTTP Status
200
Report ID
203b7f75-35c…
Analyzed
2026-02-06 01:14
Final URL (after redirects)
http://web3orbit.com/
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11DF272BE9255B837019387D2F8790746A3E9C247EA8215D6B3F9C38C4BC5CB4E97212D |
|
CONTENT
ssdeep
|
768:qK6h7EVfof+zEmbcmp0XBbNzU4UR6URvlKof:OGgf2Emgmp0xbNzU4UwU1lKof |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8ad4bbe5532c546c |
|
VISUAL
aHash
|
ff3f18000000030d |
|
VISUAL
dHash
|
dde9b536c8cbc349 |
|
VISUAL
wHash
|
ffffff000804032d |
|
VISUAL
colorHash
|
30006000080 |
|
VISUAL
cropResistant
|
000000000040ffff,8008c06d2d800080,70d8ccf4ecc4949c,000802d8d8c22000,ebf136cac8cbcb49 |
Análise de Código
Risk Score
85/100
Nível de Ameaça
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Usuários de criptomoedas
• Método: Suplantação de identidade e coleta de credenciais
• Exfil: http://web3orbit.com/
• Indicadores: Javascript ofuscado, domínio suspeito e branding de criptomoedas
• Risco: Crítico
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- eval
- fromCharCode
- unescape
- hex_escape
- unicode_escape
- base64_strings
🎯 Kit Endpoints
- http://web3orbit.com/wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=6.9
- http://web3orbit.com/wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=6.9
- http://web3orbit.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.6
📡 API Calls Detected
- GET
- POST
- https://feedburner.google.com/fb/a/mailverify?uri=
📤 Form Action Targets
- http://web3orbit.com/
📊 Detalhamento da Pontuação de Risco
Total Risk Score
95/100
Contributing Factors
Recent Domain
The domain is only 7 days old, a classic indicator.
JavaScript Obfuscation
Obfuscation is often used to hide malicious code from detection.
Suspicious Domain
The domain structure is not typical of a legitimate service.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Banking Credential Harvester
Alvo
General public
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
CRITICAL - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
- 675 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
Web3Orbit
Fake Service
Crypto wallet or trading platform
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The site likely attempts to steal login credentials or wallet access information. The 'Connect Wallet' button is a clear indication of this.
Secondary Method: Malware Injection
The obfuscated Javascript is a likely candidate for the injection of malicious code, perhaps a keylogger or a trojan to steal crypto assets.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domínio
web3orbit.com.backedbyweb3quantumledger.com
Registered
None
Registrar
Unknown
Estado
ACTIVE
🔬 JavaScript Deep Analysis
Operator Language
English (1%)
Sophistication Level
Basic
Total Code Size
913,7 KB
🔗 API Endpoints Detected
Other
29
🔐 Obfuscation Detected
- : None
- : Light
- : Heavy
- : Moderate
- : None
- : None
- : None
- : Light
- : Light
- : Light
- : Light
- : Light
- : Light
- : Light
- : None
- : Light
- : Light
- : None
- : Light
- : Light
🤖 AI-Extracted Threat Intelligence
Scan History for web3orbit.com.backedbyweb3quantumledger.com
Found 1 other scan for this domain
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.