SafeMode - Analysis: bafkreidccja3l5z7l6q244cigjzqg75no45p6gl3d5fzl3ddawactsckqu.ipfs.dweb.link

Captura Visual

Screenshot of bafkreidccja3l5z7l6q244cigjzqg75no45p6gl3d5fzl3ddawactsckqu.ipfs.dweb.link

Informações de Detecção

https://bafkreidccja3l5z7l6q244cigjzqg75no45p6gl3d5fzl3ddawactsckqu.ipfs.dweb.link/

Detected Brand

Unknown

Country

International

Confiança

95%

HTTP Status

200

Report ID

d7f2afc2-18c…

Analyzed

2026-02-10 08:40

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11EA10530434CAE73484391E4A6A19B0772C9C327C6539F0897F4839D9FDBED2CA59699
CONTENT ssdeep	48:pyJBD2BKdWZ4KsLx6Se6S3qA/XTxkAVT/2WXbt6HYPsL3Hy7Dd1n6QQRHrBGYfhk:83HDjLaTXTxxhX7vd1nmRHrd/nF9gT73

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cccc333399cc6666
VISUAL aHash	1818181818000000
VISUAL dHash	103232b232080000
VISUAL wHash	383818181f0f0f0f
VISUAL colorHash	000000001c0
VISUAL cropResistant	82a0e09280c0e080,103232b232080000

Análise de Código

Risk Score 56/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Ameaça: Phishing de credenciais
• Alvo: Usuários de Webmail
• Método: Imitação com JavaScript malicioso e formulários
• Exfil: Envio de formulários, Obfuscação de JS
• Indicadores: JavaScript, hospedagem IPFS, formulário de login
• Risco: Alto

🔒 Obfuscation Detected

unescape
document.write

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Obfuscated JavaScript

Obfuscated Javascript often indicates malicious intent.

IPFS Hosting

Unusual and suspicious hosting method. Often used for hosting phishing pages.

Form Submission

Capturing sensitive data is a primary goal of phishing.

Domain Age

While the domain age is high, it is not an indicator for this context.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Harvesting Kit

Alvo

General public

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

Form submission (backend endpoint not detected - likely JavaScript-based)

Avaliação de Risco

MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester
4 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Webmail

Fake Service

Webmail login

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The site uses a form to collect email and password credentials, attempting to impersonate a legitimate webmail service to trick users into entering their login details.