SafeMode - Analysis: adobe.authorised-support.com

Visual Capture

Screenshot of adobe.authorised-support.com

Detection Info

http://adobe.authorised-support.com/login/CFf9aOkGWsy07i0s-EFU1vq3ThKYAREV3UkY=9CA==/dfeyClRYnL-1gpHBCdJsrrxWw6mYBr3P/

Detected Brand

Adobe

Country

International

Confidence

95%

HTTP Status

200

Report ID

0cb00d16-07e…

Analyzed

2026-03-17 17:32

Final URL (after redirects)

http://adobe.authorised-support.com/login/CFf9aOkGWsy07i0s-EFU1vq3ThKYAREV3UkY=9CA==6V1JZVFNpWllRX1g=/dfeyClRYnL-1gpHBCdJsrrxWw6mYBr3P/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1E6B143B02090BC3B650356E1F3E2B353A2908245D9171643F3F987BD0FE5D2AED925AB
CONTENT ssdeep	96:NJxrJoxLz8z2IVDgvHnc4Go6a1ks1gxYW:NJNJox8rVDgv8ro6a1VKKW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	93136c64ed6d9236
VISUAL aHash	000c0e0e0e0e04fb
VISUAL dHash	2358585858581826
VISUAL wHash	010f0e0e0e0e0eff
VISUAL colorHash	070000001c0
VISUAL cropResistant	b2a082a0a082a0b2,0000000006040400,2758585858585823

Code Analysis

Risk Score 53/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Adobe users
• Method: Impersonation and credential harvesting
• Exfil: Likely to a server controlled by attackers
• Indicators: Domain mismatch, obfuscated JavaScript, login form
• Risk: High

🔒 Obfuscation Detected

document.write

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain doesn't align with the official Adobe domain.

Form with Sensitive Fields

The site asks for an email address, indicating an attempt to steal credentials.

Obfuscated Javascript

Detection of obfuscated code, a common phishing tactic.

Impersonation

The site uses Adobe branding to create a false sense of legitimacy

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

Adobe users (International)

Attack Method

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Exfiltration Channel

Form submission (backend endpoint not detected - likely JavaScript-based)

Risk Assessment

MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester
1 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Adobe

Official Website

adobe.com

Fake Service

Adobe Account Login

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The site uses a fake login form to collect user credentials (email address, etc.) by mimicking the Adobe login page. Once the user enters their credentials, they are sent to the attacker.

Secondary Method: Javascript Obfuscation

The Javascript code is obfuscated to make it difficult to detect and understand, which hides malicious activities, like the exfiltration of stolen data.