
Visual Capture

No screenshot available

Detection Information

https://store.workshopviewreward.com/sharedfiles/filedetails?id=3364147275
Detected Brand
Steam
Country
International
Confidence
100%
HTTP Status
200
Report ID
d858e30d-1e8…
Analyzed
2026-01-25 23:49

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T14343D7F0A165A67B019BB2D3B739AB1E26D2870AD64747E0D2FC836C1BD5D50DD3B028
CONTENT ssdeep
1536:dxvGd6C8BH1lnfK0Th+OG9GC3X3Y0eGC+pma6M:bvGdA3DaSM

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cb6564129cc76799
VISUAL aHash
00203c3c3c3c3c38
VISUAL dHash
4948506171696960
VISUAL wHash
243c3c3c3c3c3e3e
VISUAL colorHash
08007000000
VISUAL cropResistant
37367afaf0c2e3e3,4948506171696960

Code Analysis

Risk Score 97/100
Threat Level LOW
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Potential distribution of malicious content on the Workshop.
• Target: Steam users interested in Team Fortress 2.
• Method: Distribution of a modified game asset through the Steam Workshop.
• Exfil: N/A
• Indicators: Workshop content available on Steam.
• Risk: LOW - Potential malware risk if the Workshop item is malicious.

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • document.write
  • unicode_escape
  • js_packer
  • base64_strings

📡 API Calls Detected

  • get
  • POST

📤 Form Action Targets

  • https://steamcommunity.com/workshop/updatekvtags/

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, Card Stealer, and Banking kits with real-time form interception (15 forms identified).
Brand Impersonation
Impersonates Steam, a high-value target for credential harvesting and financial fraud.
Obfuscation Techniques
40200 obfuscation techniques detected, indicating advanced evasion of static analysis.
Malicious JavaScript
Large JavaScript files (2.91 MB total) with no legitimate purpose identified.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Steam users (International)
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
HTTP POST to backend
Risk Assessment
CRITICAL - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 40200 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Steam
Official Website
https://store.steampowered.com
Fake Service
Fake reward or file-sharing service (e.g., 'Workshop View Reward')

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit captures Steam account credentials via fake login forms. Input fields are intercepted in real-time and exfiltrated to attacker-controlled servers, enabling immediate account takeover.

Secondary Method: OTP and Payment Data Theft

Secondary forms target one-time passwords (OTP) and payment card details, likely using fake authentication prompts or transaction verification pages to trick victims into submitting sensitive data.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
store.workshopviewreward.com
Registered
2026-01-16 16:40:46+00:00
Registrar
Global Domain Group LLC
Status
Recently registered (9 days old)

🦠 Malicious Files

Main File
File Size

Large JavaScript file with advanced obfuscation, likely used for credential and payment data interception.

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
2.9 MB

🔗 API Endpoints Detected

Other
90
WebSocket (Real-time)
1

🔐 Obfuscation Detected

  • : None
  • : None
  • : None
  • : None
  • : Light
  • : Light
  • : Moderate
  • : None
  • : Light
  • : Light
  • : None
  • : Light
  • : None
  • : None
  • : Light
  • : None
  • : Light
  • : Light
  • : Heavy
  • : Moderate

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified
