SafeMode - Analysis: ipfs.io

EN ES PT

Back to Stats

Captura Visual

Screenshot of ipfs.io

Informações de Detecção

https://ipfs.io/ipfs/bafybeicdcbgri2cyjc45wohp42s6hmqlqhl7th3vcr7a574qdfyocwvlku

Detected Brand

WeTransfer (Likely Impersonated)

Country

International

Confiança

100%

HTTP Status

200

Report ID

26647204-5d6…

Analyzed

2026-03-18 01:38

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1907209F20500E9BA46078AF9DBE1FB58216FD14EDA1B0500A7FE87E513C7DE2ED29059
CONTENT ssdeep	192:NWU+7WfV9PDJ7tn6WXk9OMuMZ0qhGgqhkOqhLJ7t5j+v+CyJ6umDa8wzXTOlnTa0:NWU+7WzPDqW86CzQPil9GyJWW8wHOln3

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b33c8dc7cc3330cc
VISUAL aHash	1f1f07c7cf072f0f
VISUAL dHash	febc9d88ac8acafc
VISUAL wHash	0f1f0707cf070f0f
VISUAL colorHash	07000000006
VISUAL cropResistant	febc9d88ac8acafc,50888a8a8a8a8a8a,45012b13960e4d6d

Análise de Código

Risk Score 100/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing de credenciais
• Alvo: Usuários desavisados
• Método: Página web maliciosa imitando download de arquivos
• Exfil: Desconhecido, provavelmente roubar credenciais
• Indicadores: Domínio não relacionado, solicitação de dados de acesso.
• Risco: Alto

🔒 Obfuscation Detected

fromCharCode
unescape
js_packer
base64_strings

🎯 Kit Endpoints

#logo-path

📡 API Calls Detected

GET
http://ip-api.com/json/

🔑 Telegram Bot Tokens (1)

6170603383:AAH_...FdCBF-uo

💬 Telegram Chat IDs (1)

6275829011

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Suspicious Login Form

The form asks for login credentials in order to supposedly download files.

Domain Unrelated to Content

The domain ipfs.io is not related to the file download service being imitated

JavaScript Obfuscation

Javascript Obfuscation Detected is typically used to hide malicious code

Telegram Token Found

A Telegram Bot Token has been detected in the code, indicating potential for data exfiltration

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

General public

Método de Ataque

obfuscated JavaScript

Canal de Exfiltração

Telegram Bot (6170603383:AAH_T7dwZ...)

Avaliação de Risco

CRITICAL - Automated credential harvesting with Telegram Bot (6170603383:AAH_T7dwZ...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
39 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Unknown

Fake Service

File Download Service

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The site is designed to collect user credentials by presenting a login form for a download service, likely to steal the login credentials.

Secondary Method: Javascript Obfuscation

The use of javascript obfuscation techniques, makes it difficult to detect malicious activities.

📡 Infraestrutura de Comando e Controle Telegram

Bot Token (Masked)

6170603383:AAH_...FdCBF-uo

Bot ID

6170603383

Group/Chat ID

6275829011

Operator Language

Unknown

💬 Message Templates (3)

ID	Português	Inglês	Trigger

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio

ipfs.io

Registered

2014-05-16

Registrar

Namecheap, Inc.

Estado

ACTIVE

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot

https://alinan-dpev5em6n4nz.edgeone.cool/R-WeTransferdalina....

Screenshot

https://bafybeihxd5fibopsbqmpqummsneojvgrxodkrzwlq6jluteyfc2...

Screenshot

http://y3fcmtjknt.progmedialab.direct.quickconnect.to/wordpr...

Screenshot

https://filesahredocument.s3.us-east-1.amazonaws.com/wetrans...

Scan History for ipfs.io

Found 10 other scans for this domain

https://bafybeifucnntp2tzvo2smmgd2nrz2anlih4bapzou... ?

https://bafybeidainj73npe2kepzldqmuwzes5stwbgtu2pb... ?

https://bafybeidzv5orafwm4qq7m5wdptagbyyaksssolxhe... ?

https://bafybeiby3jwvxj44lno5pu2qjn5ezh5mlm4fkoy4q... ?

https://bafybeiaz6xbudbilnb4a52kkl2ffapf7oim253s7i... ?

https://bafybeieqilhn5yjrdt2cs46bglcamzimrcgbfuvq3... ?

https://bafkreidpy5pr2m6yvnk6v7ry7tu5lydi2rkd5reft... ?

https://bafybeih4lunv4ykv3qnx3n4c2c3d3gl5vlonz34ui... ?

http://ipfs.io/ipfs/bafybeibo7ht7ythkoucqnhcd4lzr5... ?

https://bafybeicfvmv4fni2inofzgesr4hc754scsn2zsohf... ?

😰

"Nunca pensei que aconteceria comigo"

Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.