SafeMode - Analysis: autenticacaogov-cmd.com

Captura Visual

Informações de Detecção

https://autenticacaogov-cmd.com/index.html

Detected Brand

Autenticação.gov

Country

Unknown

Confiança

100%

HTTP Status

200

Report ID

29ab02a9-506…

Analyzed

2026-05-22 02:41

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T18ED14271849968371163C2D5F9B3EF0663C28569CF621A0593FC836F2FC6E81DD21998
CONTENT ssdeep	96:xg5mrzvlijPn8wJCRPVJnM+Jn3PFM9DiGFM/qaH8c:xg5mrI/6CJFOqaH8c

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b34c4c6e4c195f66
VISUAL aHash	00e7ffffffffffff
VISUAL dHash	332f08180c0c1c0c
VISUAL wHash	0000c7c3c7c3e7ff
VISUAL colorHash	070000001c0
VISUAL cropResistant	2b0c180c0c1c0c08,0303002432302400

Análise de Código

Risk Score 100/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔐 Credential Harvesting Forms

🎯 Kit Endpoints

https://www.ama.gov.pt/web/agencia-para-a-modernizacao-administrativa/politica-de-privacidade
https://www.ama.gov.pt/web/agencia-para-a-modernizacao-administrativa/contactos1

📤 Form Action Targets

./CitizenConsent.aspx?RequestId=6a5b4eb3-709a-44f1-9df4-41923dd80a28&type=

📊 Detalhamento da Pontuação de Risco

Total Risk Score

100/100

Contributing Factors

Active Phishing Kit

Detected kit types: OTP Stealer, Card Stealer, Banking, Personal Info

Credential Harvesting

Credential harvesting detected with 1 form(s) capturing sensitive data

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

Autenticação.gov users

Método de Ataque

credential harvesting forms

Canal de Exfiltração

HTTP POST to backend

Avaliação de Risco

CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: OTP Stealer, Card Stealer, Banking, Personal Info

🏢 Análise de Falsificação de Marca

Impersonated Brand

Autenticação.gov

Official Website

N/A

Fake Service

Token swap/DEX platform

⚔️ Metodologia de Ataque

Primary Method: Two-Factor Authentication Bypass

Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.

Secondary Method: Client-Side Form Interception

JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.