Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19BC1C73551448C3DA63BC2A8D3B5372B61A6C245CA4302F6C7F103BEA7E6D99DC670E8 |
|
CONTENT
ssdeep
|
96:V09TBn9YLfqtHczu9rbUTaZ4KArrCbyTCu:q9TYu9UmZ4KArrWyTCu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b333998c666666cc |
|
VISUAL
aHash
|
e7e7e7e7ffffffef |
|
VISUAL
dHash
|
0c0c4c4d000c000c |
|
VISUAL
wHash
|
e0e0e0e03f3f2727 |
|
VISUAL
colorHash
|
07000000000 |
|
VISUAL
cropResistant
|
0c0c4c4d000c000c |
The phishing kit employs form-based credential harvesting to capture user inputs in real-time. Data is likely intercepted via JavaScript event listeners on form fields, then transmitted to a Discord webhook for exfiltration.
The kit includes functionality to intercept one-time passwords (OTPs) by mimicking legitimate OTP input fields. Captured OTPs are sent alongside credentials to bypass multi-factor authentication.
Contains obfuscated JavaScript with potential credential harvesting and data exfiltration capabilities.
Here's a generic ASCII art attack flow diagram for the phishing attack:
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 1. INITIAL CONTACT โ
โ - Victim receives phishing message โ
โ - Directed to fake Banking site โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 2. FAKE LOGIN PAGE โ
โ - Mimics legitimate Banking site โ
โ - Presents credential input form โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 3. CREDENTIAL CAPTURE โ
โ - Victim enters Banking credentials โ
โ - Data collected by attacker โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 4. DATA TRANSMISSION โ
โ - Stolen credentials sent to external service โ
โ - Single communication channel used โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
Here's a generic ASCII art attack flow diagram for the phishing attack:
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 1. INITIAL CONTACT โ
โ - Victim receives phishing message โ
โ - Directed to fake Banking site โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 2. FAKE LOGIN PAGE โ
โ - Mimics legitimate Banking site โ
โ - Presents credential input form โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 3. CREDENTIAL CAPTURE โ
โ - Victim enters Banking credentials โ
โ - Data collected by attacker โ
โโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ 4. DATA TRANSMISSION โ
โ - Stolen credentials sent to external service โ
โ - Single communication channel used โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain