Phishing Analysis: Malta Airport

Captura Visual

Información de Detección

https://auth-secure.me/QGzrBLQ5YfdCUg

Detected Brand

Malta Airport

Country

International

Confidence

100%

HTTP Status

200

Report ID

35d8df00-3c1…

Analyzed

2026-03-11 16:18

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11BD1FF7150509D3B5293C6D4B3B56B4F3394C346EA87566AA7F8C78C0EF3E26CC1A226
CONTENT ssdeep	96:DIpkCGTHRPyCdM+krwkM2qs39TbJG9KjsWsjOq0U2gs0sjOjOVJQ6Q6ynQjNsjOY:ZPdfk8G9TbJG9akDOVJQyyQjM

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9c497326cc99d9e4
VISUAL aHash	18001818191f0f9f
VISUAL dHash	7161313331727d38
VISUAL wHash	191818181f1f1fff
VISUAL colorHash	070000001c0
VISUAL cropResistant	7161313331727d38

Análisis de Código

Risk Score 70/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios del Aeropuerto de Malta
• Método: Suplantación de dominio
• Exfil: Probablemente roba credenciales
• Indicadores: Dominio no coincidente, suplantación de marca
• Riesgo: ALTO

🎯 Kit Endpoints

https://passwordreset.microsoftonline.com/?ru=https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-686658763842&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-8621-21bc5137cc6d&protectedtoken=true&domain_hint=maltairport.com&nonce=916619701478.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=bWFyY29uLmhpbGlAbWFsdGFpcnBvcnQuY29t#
https://login.microsoftonline.com/common/login#
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-472171214806&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-1201-21bc5137cc6d&protectedtoken=true&domain_hint=maltairport.com&nonce=425232347477.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=bWFyY29uLmhpbGlAbWFsdGFpcnBvcnQuY29t#
https://login.microsoftonline.com/common/oauth2/authorize?client_id=00000001-0000-cff1-ce00-224908336031&response_mode=form_post&response_type=code+id_token&scope=openid&msafed=1&msaredir=1&client-request-id=d98292e6-fa3f-ce32-3952-21bc5137cc6d&protectedtoken=true&domain_hint=maltairport.com&nonce=289639609394.ec82d3ed-b372-7cd6-3e42-fcfc13352e79&state=bWFyY29uLmhpbGlAbWFsdGFpcnBvcnQuY29t#

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain Mismatch

The domain 'auth-secure.me' is completely unrelated to the intended brand (Malta Airport).

Impersonation

The page visually attempts to impersonate a legitimate login page of the brand.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Two-Factor Authentication Stealer

Objetivo

Malta Airport users (International)

Método de Ataque

Brand impersonation

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Personal Info

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Malta Airport

Official Website

null

Fake Service

Login portal

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker aims to steal user credentials by mimicking the login page of Malta Airport. Users are tricked into entering their login information on the fake site.