Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C1A42ADD72D9B0A91B97B234D03F610AB27B2D81784CC410D666E9C53C7984ED273FAA |
|
CONTENT
ssdeep
|
6144:Fh+FstexlJWqdAVAp3YIeKwstexlJWqdAVAp3YIeKO:Yst5IeNst5Ie1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d5351a3a2a2f4d55 |
|
VISUAL
aHash
|
00fffafbffffffff |
|
VISUAL
dHash
|
df10261600000001 |
|
VISUAL
wHash
|
00c6d2fbffff0000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
1b18160200000201,3f3ff3f3ef69ffff |
โข Threat: Phishing
โข Target: CSS users
โข Method: Impersonation and PII theft
โข Exfil: ./lx/send_date.php
โข Indicators: Unrelated domain, form submission, JS obfuscation, asking for date of birth.
โข Risk: High
The attackers are using a form to collect users' personal data, such as date of birth. This is part of a larger scheme to steal user credentials and compromise their accounts.
The site mimics a legitimate service (CSS) and asks for seemingly harmless data (date of birth), to gain the user's trust, and prepare for further attacks.
ruxitagentjs_ICA2NVfgjqru_10281231207105659.jsPages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain