Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B8810A70A5612E7F4727CCC4B474ABAD25E3EB0ECD6A6411B7AC82C50FD3EE4E911192 |
|
CONTENT
ssdeep
|
96:nGlSdV88888888888P2folo4VK0p3FKizLhKjzLRTKXzLyKPzL/Kkt:GlSdw7iRQfam |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e666666689993333 |
|
VISUAL
aHash
|
e7e7e7e7e7e7e7e7 |
|
VISUAL
dHash
|
4d0c0c0e0c0c0c0c |
|
VISUAL
wHash
|
c3c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
4d0c0c0e0c0c0c0c,6080806288861680,8c31320c81008900 |
Análisis de Código
🔒 Obfuscation Detected
- eval
- fromCharCode
- unescape
- hex_escape
- unicode_escape
- base64_strings
📡 API Calls Detected
- right
- POST
- left
- GET
📊 Desglose de Puntuación de Riesgo
Contributing Factors
🔬 Análisis Integral de Amenazas
🏢 Análisis de Suplantación de Marca
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The phishing kit is designed to capture user credentials through a form submission. The form likely intercepts input in real-time or upon submission, sending data to a remote server controlled by the attacker.
Secondary Method: OTP and Payment Data Theft
The kit includes modules for stealing one-time passwords (OTPs) and payment card details, suggesting a multi-stage attack to bypass 2FA and harvest financial information.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
🦠 Malicious Files
Highly obfuscated JavaScript file with 24 detected obfuscation techniques, likely used for credential harvesting and data exfiltration.
🤖 AI-Extracted Threat Intelligence
🎯 Malicious Files Identified
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
