SafeMode - Analysis: ai-strt-trezr-auth-sso.typedream.app

Captura Visual

Screenshot of ai-strt-trezr-auth-sso.typedream.app

Informações de Detecção

https://ai-strt-trezr-auth-sso.typedream.app

Detected Brand

Trezor

Country

International

Confiança

100%

HTTP Status

200

Report ID

b0e33911-e81…

Analyzed

2026-03-17 04:28

Final URL (after redirects)

https://ai-strt-trezr-auth-sso.typedream.app/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1DA730A996854601A472740E384BB2BC9F7391C2FF91816E1A4F4C7F5B3AC8F5316AB4B
CONTENT ssdeep	768:oyWuPWur2xCs/5y/NwSbZXjwql/u1HM9UDSfLLtiR1nT8n+j67X8Un6u4tGidQKQ:L8yOloQzZs8oWQbp

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	97555454411f7c7a
VISUAL aHash	00fe1f3fffbfbfff
VISUAL dHash	a860777670647424
VISUAL wHash	003e07079f1f16f7
VISUAL colorHash	07000000c00
VISUAL cropResistant	8c70767490647464,0000606171691c20,45453bc8c4e45945

Análise de Código

Risk Score 79/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Usuários Trezor
• Método: Personificação através de um site semelhante hospedado em uma plataforma suspeita.
• Exfil: Potencialmente coletando detalhes de login de usuários, frases-semente ou outras informações confidenciais via JavaScript.
• Indicadores: Incompatibilidade de domínio, uso de hospedagem gratuita, ofuscação de JavaScript e envio de formulários.
• Risco: Alto

🔒 Obfuscation Detected

fromCharCode
unescape
unicode_escape

📡 API Calls Detected

GET
https://typedream.com/forms?utm_source=form-thank-you-page:
POST

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Suspicious Domain

The domain does not match the official Trezor domain and is hosted on a free platform.

JavaScript Obfuscation

Presence of obfuscated JavaScript code suggests attempts to hide malicious activities, such as credential harvesting.

Brand Impersonation

The website attempts to mimic the appearance of the Trezor website to deceive users.

Free Hosting

Hosting on a free platform like Typedream is a common tactic used by phishers.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

Trezor users (International)

Método de Ataque

Brand impersonation + obfuscated JavaScript

Canal de Exfiltração

Form submission (backend endpoint not detected - likely JavaScript-based)

Avaliação de Risco

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Personal Info
695 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Trezor

Official Website

https://trezor.io/

Fake Service

Trezor Website

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker likely aims to steal user credentials by mimicking the legitimate Trezor website. Users are tricked into entering their login details or seed phrases.