Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B8810A70A5612E7F4727CCC4B474ABAD25E3EB0ECD6A6411B7AC82C50FD3EE4E911192 |
|
CONTENT
ssdeep
|
96:nGlSdV88888888888P2folo4VK0p3FKizLhKjzLRTKXzLyKPzL/Kkt:GlSdw7iRQfam |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e666666689993333 |
|
VISUAL
aHash
|
e7e7e7e7e7e7e7e7 |
|
VISUAL
dHash
|
4d0c0c0e0c0c0c0c |
|
VISUAL
wHash
|
c3c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
4d0c0c0e0c0c0c0c,6080806288861680,8c31320c81008900 |
Code Analysis
๐ Obfuscation Detected
- eval
- fromCharCode
- unescape
- hex_escape
- unicode_escape
- base64_strings
๐ก API Calls Detected
- right
- POST
- left
- GET
๐ Risk Score Breakdown
Contributing Factors
๐ฌ Comprehensive Threat Analysis
๐ข Brand Impersonation Analysis
โ๏ธ Attack Methodology
Primary Method: Credential Harvesting
The phishing kit is designed to capture user credentials through a form submission. The form likely intercepts input in real-time or upon submission, sending data to a remote server controlled by the attacker.
Secondary Method: OTP and Payment Data Theft
The kit includes modules for stealing one-time passwords (OTPs) and payment card details, suggesting a multi-stage attack to bypass 2FA and harvest financial information.
๐ Infrastructure Indicators of Compromise
Domain Information
๐ฆ Malicious Files
Highly obfuscated JavaScript file with 24 detected obfuscation techniques, likely used for credential harvesting and data exfiltration.
๐ค AI-Extracted Threat Intelligence
๐ฏ Malicious Files Identified
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
