Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15F21DC71111869B32582E2D96176F78FF2C28205EB872344E6F1D3DE9BDEC94CC096C0 |
|
CONTENT
ssdeep
|
24:n/CbrDfJACfZhgbbCW7Yp2eQxPgJ7HAzzM:nWvxhRe/Clp2eQxP0HAzzM |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b366cc9932663399 |
|
VISUAL
aHash
|
ffffe7e7efefffff |
|
VISUAL
dHash
|
8d224c4d595e6295 |
|
VISUAL
wHash
|
07070707071f3f3f |
|
VISUAL
colorHash
|
07000000007 |
|
VISUAL
cropResistant
|
8d224c4d595e6295,4040a2d8c820c0c0 |
Code Analysis
🔒 Obfuscation Detected
- base64_strings
📡 API Calls Detected
- set_captcha_validated.php
🔬 Comprehensive Threat Analysis
⚠️ Indicators of Compromise
- Kit types: OTP Stealer
- 1 obfuscation techniques
⚔️ Attack Methodology
Primary Method: OTP Interception
The phishing kit employs an OTP stealer to capture one-time passwords sent via SMS or authenticator apps. Victims are tricked into entering OTPs on the fake page, which are then forwarded to the attacker in real-time for immediate account takeover.
Secondary Method: Credential Harvesting
Alongside OTP interception, the kit captures usernames and passwords entered by victims. These credentials are likely stored or exfiltrated for later use in unauthorized access to accounts.
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for mondialrelayy.cloudaccess.host
Found 2 other scans for this domain
