Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C1A42ADD72D9B0A91B97B234D03F610AB27B2D81784CC410D666E9C53C7984ED273FAA |
|
CONTENT
ssdeep
|
6144:Fh+FstexlJWqdAVAp3YIeKwstexlJWqdAVAp3YIeKO:Yst5IeNst5Ie1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d5351a3a2a2f4d55 |
|
VISUAL
aHash
|
00fffafbffffffff |
|
VISUAL
dHash
|
df10261600000001 |
|
VISUAL
wHash
|
00c6d2fbffff0000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
1b18160200000201,3f3ff3f3ef69ffff |
• Amenaza: Phishing
• Objetivo: Usuarios de CSS
• Método: Impersonación y robo de PII
• Exfil: ./lx/send_date.php
• Indicadores: Dominio no relacionado, envío de formulario, ofuscación de JS, solicitud de fecha de nacimiento.
• Riesgo: Alto
The attackers are using a form to collect users' personal data, such as date of birth. This is part of a larger scheme to steal user credentials and compromise their accounts.
The site mimics a legitimate service (CSS) and asks for seemingly harmless data (date of birth), to gain the user's trust, and prepare for further attacks.
ruxitagentjs_ICA2NVfgjqru_10281231207105659.jsPages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain