Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Type | Algorithm | Hash Value |
|---|---|---|
| CONTENT | TLSH | T13CC142E0C414ED37436286D99BF56B0BB7D1C349CB421D4093F883AB5BCAC60DA256A9 |
| CONTENT | ssdeep | 96:nkJ9SzeFvMSfuSTCctuXeDDF0CXSHFSOXNz/JHY3GJ:kJ9SzeFdjWckXeDOLzJGA |
Used to detect visually similar phishing pages based on screenshots
| Type | Algorithm | Hash Value |
|---|---|---|
| VISUAL | pHash | bf37c0c83432b3a5 |
| VISUAL | aHash | 000007078fffffff |
| VISUAL | dHash | 84634d5d5f130c0c |
| VISUAL | wHash | 0000070703ffffff |
| VISUAL | colorHash | 07000e00000 |
| VISUAL | cropResistant | 0000000000006185,634d5d7f53030c0d,8169858585452940,9b9b3f336b696577,1414448c14280813,b1a1f1f0f0f270f2 |
The phishing kit employs a credential harvester to capture user login credentials for Tiscali Mail. The kit likely intercepts form submissions in real time, exfiltrating data to a remote server controlled by the attacker.
Secondary attack methods include stealing one-time passwords (OTPs) and payment card details through additional form fields designed to mimic legitimate authentication and payment processes.
Contains obfuscated code with potential credential harvesting and data exfiltration capabilities.
1. VICTIM RECEIVES PHISHING EMAIL
   - Email mimics Tiscali Mail branding
   - Contains link to fake login page
2. VICTIM VISITS FAKE LOGIN PAGE
   - Page replicates Tiscali Mail interface
   - Displays credential input form
3. CREDENTIAL SUBMISSION
   - Victim enters Banking credentials
   - Form captures input data
4. DATA EXFILTRATION
   - Credentials sent via HTTP POST
   - Single endpoint receives stolen data
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain