SafeMode - Analysis: e-service.org

Captura Visual

Informações de Detecção

https://e-service.org/landingpages/214dde44-d83d-472c-808d-4304cf3e308c/-6z9gapf4ucnrxpig7x__bglxzqfdufqtbnrb6-gksm

Detected Brand

FedEx

Country

International

Confiança

95%

HTTP Status

200

Report ID

5dc6ee68-5d6…

Analyzed

2026-03-17 04:52

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T18E32F2B8F04FB4D216A6EDBA7A49572972BB435BD31A2C253F3C196145E3C2097600BF
CONTENT ssdeep	96:TReE7FLruHpXvMoa6cDJPA5J6ABpBlTpTYBsKYDY8JIA45VdcYz8l0n9+WGyGjcA:NeE7TTQtaOkmoGiv9w8XOL

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	ed6d6d9292929293
VISUAL aHash	c3c3c3ffffffffff
VISUAL dHash	1696962912480000
VISUAL wHash	c3c3c3dfff4e0000
VISUAL colorHash	07000600010
VISUAL cropResistant	1696962912480000,202c20a026080020

Análise de Código

Risk Score 50/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Clientes da FedEx
• Método: Imitação da página de login.
• Exfil: Dados do formulário enviados para um local suspeito.
• Indicadores: Domínio incompatível, envio de formulário JavaScript, caminho de formulário incomum.
• Risco: ALTO

🔐 Credential Harvesting Forms

📤 Form Action Targets

/landingpages/ac5c9c07-fe9d-4dc8-9780-8ff30d1206d7/-6z9gapf4ucnrxpig7x__bglxzqfdufqtbnrb6-gksm

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Domain mismatch

The domain 'e-service.org' is unrelated to FedEx.

JavaScript form submission

Javascript submission adds risk of malicious payload

Suspicious Form Action Destination

The form action points to an unusual path for a FedEx login.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Harvesting Kit

Alvo

FedEx users (International)

Método de Ataque

Brand impersonation + credential harvesting forms

Canal de Exfiltração

HTTP POST to backend

Avaliação de Risco

MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

Kit types: Credential Harvester

🏢 Análise de Falsificação de Marca

Impersonated Brand

FedEx

Official Website

fedex.com

Fake Service

FedEx login

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker aims to steal user credentials by presenting a fake login page that mimics the appearance of FedEx's login portal. The form data is likely sent to a server controlled by the attacker.