Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://online-services.cfd/index.html
Detected Brand
myGov
Country
Australia
Confianza
95%
HTTP Status
200
Report ID
5c688de8-5db…
Analyzed
2026-02-01 23:46
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AAA1313440946D3B524387D5AB766B1AB3D2C214DF931B0696F8C39D8FFADA2CE26214 |
|
CONTENT
ssdeep
|
96:n9S9KNJDt/a+biOGO/qDp8wvpcltCJIFw5vmDeJKH:ksNVt/a+blp/qddKCJIq8DeJM |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b31c1c1c0e66b3f3 |
|
VISUAL
aHash
|
0000efe7ffffffff |
|
VISUAL
dHash
|
20380c4d181c0c0c |
|
VISUAL
wHash
|
0000c7e7c7c7c7e7 |
|
VISUAL
colorHash
|
06007000000 |
|
VISUAL
cropResistant
|
20380c4d181c0c0c |
Análisis de Código
Risk Score
50/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de myGov
• Método: Suplantación de identidad y recopilación de credenciales
• Exfil: hvck33m.php
• Indicadores: Coincidencia de dominio, formulario en dominio sospechoso, dominio reciente
• Riesgo: ALTO
🔐 Credential Harvesting Forms
📤 Form Action Targets
- hvck33m.php
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Recent Domain
The domain is recently registered (less than 30 days old), which is a common characteristic of phishing sites.
Impersonation
The website closely imitates the myGov login page to steal user credentials.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Credential Harvesting Kit
Objetivo
myGov users (Australia)
Método de Ataque
Brand impersonation + credential harvesting forms
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
MEDIUM - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester
🏢 Análisis de Suplantación de Marca
Impersonated Brand
myGov
Official Website
https:
Fake Service
myGov login
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker creates a fake login page that mimics myGov and tricks users into entering their login credentials.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
online-services.cfd
Registered
None
Registrar
Unknown
Estado
ACTIVE
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.