Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://dc.crsorgi.gov.in.web.dccertificate.in/
Detected Brand
Civil Registration System (CRS) India
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
403f6e84-df6โฆ
Analyzed
2026-04-28 11:13
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T170138438AA847A331847A7E062254BFFB75DC01BE2331981A5F2C3B52BC1EF9C979511 |
|
CONTENT
ssdeep
|
768:ePnHOxL2q9++sFq87S+kzimlg+VLiIvXAMgRnl:iqL2dqvRvXAMgRnl |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8506ba39ed66d619 |
|
VISUAL
aHash
|
00013373396f07ff |
|
VISUAL
dHash
|
deffe6c6d3d3ffff |
|
VISUAL
wHash
|
000033733b6b1fff |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
4d69da9a9115b61e,d4828092928080dc,2a2c94a21293d1f2,73738c9c29c8ed95,d280a08b8f8080c4,f7dfcfffffffff00,deffe6c6d3d3cfff |
Code Analysis
Risk Score
76/100
Threat Level
ALTO
โ ๏ธ Phishing Confirmed
๐ฃ Credential Harvester
๐ฃ OTP Stealer
๐ฃ Personal Info
๐ Obfuscation Detected
- fromCharCode
- unescape
๐ฏ Kit Endpoints
- https://dc.crsorgi.gov.in.web.dccertificate.in/login.php
- login.php
- data:image/webp;base64,UklGRkgIAABXRUJQVlA4TDsIAAAvJ8AJEDXRsf7//OUswbZt3zu2bdueuR7btmeuJ7Zt27Zt6/f7/4cL+J5U2UPOse2kz7l9qumDUT9VeicLmJMdOAtQm35WkG7aOVOlsp33EoIqZSongx0kVWonnzbOv41VGVWqnH+V0lmC7SVMbwiS7bZtdP8LuqfHveED+ABVCAkCAJBtVBuzbdsKa9uKnT7Yna0zJdHWdmzLsp1t27ZdI9u2XTObI9fQtm3btl3vngDWuhbet6Kqf9/kaXx6rV31+K1t+eOPXhWP37vVOX208D4+lSm+b6d13dRDWkrhXTPG+/zRrDqGV+Qh8DCkZf4agKAInhRksiJSV5aVliRk8HMpbhxv/FCOrPJ9kzvvqhbSogpumxEB91+9XXh6V09JElIlrIxIonvsR3WMrK/9c1uwxdT6e6pWMvauqQkLMFFMVI+RgwjQBSk+gw4NZWlGipMSGYAoFv8dAMv0Ivt2XPO5buphQ77VY8JZ8pekyIAnPPJcroTogAKogLNvYgZ4tTNpwi17wKJ4nIPmxWKEvpKUhVMhNs/X+LnN0zxu63qkN+yL9ZQKAEADDNe4kIR+FloGICiUZ6SgVzSPCmZZWQLllhcOzZIoGUjEWQg/q/p9V1I410091A/WeZpgILhlqQoLgFgdDBgrLrrHJPGAeAwHoSxDCzQVcHqGs6TIHndcWrqkooc8RBJSld6RF9W/bwsL5fv4P8hQiQDvucSFOB4GwFLLKrc983S7dQcF7sqDxhjzpGT0kxORpFSF8ZSU9IjHkKT00QUFRePgZslDJ60Q9f4eykTz2I+eG/6TyAPstWCXgdXajpUGLRK8zqAw/dIvsifgw0iekIxebbWVdlZdDK52WddDBORb1ULLc/V4zwiWEMZS0oeTuZZJi8RCy6ZdBpDwqw4aXnlO1PWAmIzIFRAV4dho6a/P5aOJgOEe31q3NzPM/QkYJCMSbDJ3tyP+FUpnvHmMz7jCf1wyyTxi1VIjWmdQKpSnlMHJmyBHzYnhUanDo2ep2LnktW2G8rhsGuHFfeNUzxge4ZKAsJYyUEl4Ey+jlik9npmXXmnppig8AFADK1+CFu4WtNaglJw+qmCZGkYPpMT0C+1p+iAFXt6b8jT4fyrrYIV/popxTUAiBshCgmJ5bNnSu3XpMiCixuMaZfAgsP3I0zTaqz0OCe9JT6CqTm7Is66HcOo8DdPE6Am0X6YMGo3rkDmczqWG4zppkUBIeRGMOk+jsu0AZEUCIAV9X0odOsmMsatLcPMkuG4JWKU0rLQECiJYrJvMtPRSAg8Azo/PkAQeYqgEADh/kW62YFk9BwA6Smlyeq3DGCu+byenCu97nkvOUYQAmGoZlIpeAAaXb/u6E61ZSg3GdQoQAMiXkHNjehSnZ9OnagxjrP7fXb4Qlv3PEfdffVD7DOpgzdJ7qIIDoGLbcydxm06rRMAL/ffjoDaGVzLGfE/PFc2tgmOsGKIZex9Hy2syrpp0GQFg/+VKj3hXG9TsrAiQFslsvUejcQ1PNZ/byRjzPj1XNVQCx1lzqN3KpbF06bUdbZ6yySab3ExE9MYSZdRt8TLJlbBNNtnkmKGnBTzlbfEwY8z39FThKM591B3A5STwEwAjzrPWHFTmL5u1SokO4Kni83sYY97Hh0JOlv/PefujCZYxALRB68a3RJloKQ2QFdEx8TxEDqI09GhXvJ3gqesT6xljf5zCwUZLltEtAHIloh1nrUHFJUEAbLVovm7TGRcuVUaJPYCn7kM3mTHmuWmEFuT+FZ4y7RDlDAQAcTq6vUXUL2O4SKIKQKW2Z+1SKpBndEEq2Y4s3Q3O5HTyu3w0Z4yxGi/7PAlUvZc23I6CuVasUhoLdYvzAUDct68YAJwsry3RnbQNZCGxtaIwnvZCbI/8qvh5lZ7jfX6rZaJYcGruhFwC1B830JjzJCXwIKSeUnYkIupxE5TBy5WQpPSThqycLe3Pt66HcvLvmlHuPLppAEJS+rjnua+w71s04TzKQisESIosjKXNuvQgIrrTPQEYnIR+W0b0hE4+168dGO9Iohj86asRLeHQaxDKMw6nHtXbjmCWJQZkRPKzz7hitVIj7gEPi85+LDU9NJXhkRePi+1bMXxe22aUF4/udklGn/MOFSGspy1WJkS0TOlN3/vN1HutOGgR77mNpzVB+NglAcnDJ6ZH6IAKGl++d2ECfS4fjeys+NfeCtzywsvHHYujRpumtCMhFyuzbOEgBRnsrKBwnkjsfgkZFFTeFw54bRqRgu5t+rbMUQXHVDGhLS0dXc64CX/GZdho87SVSoun3TxlV7odOh9Al/R0Cu9JSOXOlxW/bvIxIYvs2zF1fWpbkL0WvPpeXA/ZcjCgA0p8D3FNUOE8DQrmmc+Da9bbgJWWRfI4KAtHC7TBUTz+w+fyXocJXXjXSqjt07ufkxaZtZZkCof04RLCMnZ/ehdwd3GwguujMyo5vYq2Y+557unvvm18em/BmrPwvhUTyIGVJor976kAQRyG5QyYVzsj3r3Pl3E8ZPf4HnThyzkCljshSeijIAIl8KQhy+zQM9/zey3W3C7repjP7Ve3tHS9DRLh1bgM6ZSYfinDI3eC+mQNlGeey5aojXd6AKaK/a/tU5srf19nZy2yxs9NVm90L4jH8E8pkUEkMgLu/xPCekrXTp0BQxCKx85lv+vXVl6bRhhrwRU+LzMFvFQjinHnbFSL/9EETQQAu1hqWfZAX9fR4ZUNj8/1PDaNMNYS3db1sIqfVxn8rx9Nhnr+HVDlYZpR7N69vPTdtqjRQz1hxOePDvX/Hkp4bpuxrE0PAA==
๐ Risk Score Breakdown
Total Risk Score
100/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester, OTP Stealer, Personal Info
Credential Harvesting
Credential harvesting detected with 2 form(s) capturing sensitive data
Code Obfuscation
JavaScript code obfuscated using 6 technique(s) to evade detection
๐ฌ Comprehensive Threat Analysis
Threat Type
Two-Factor Authentication Stealer
Target
Civil Registration System (CRS) India users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
โ ๏ธ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 6 obfuscation techniques
๐ข Brand Impersonation Analysis
Impersonated Brand
Civil Registration System (CRS) India
Official Website
N/A
Fake Service
Credential harvesting service
โ๏ธ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: JavaScript Obfuscation
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.
๐ Infrastructure Indicators of Compromise
Domain Information
Domain
dc.crsorgi.gov.in.web.dccertificate.in
Registered
2024-11-12 02:37:19.040000+00:00
Registrar
GoDaddy.com, LLC
Status
Active (older domain)
Hosting Information
Provider
GoDaddy
ASN
๐ค AI-Extracted Threat Intelligence
Scan History for dc.crsorgi.gov.in.web.dccertificate.in
Found 1 other scan for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.