Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17651CF205189BD2F048392C48FB55B8E67D58321CF530B4512EDC39E9EC6D98DD2B845 |
|
CONTENT
ssdeep
|
48:dJoPDCSEGquo/vGjnYQZV1wpuM6e1e30DUH9Ab0GAkxo9orVClWTbK:rUuSM0YcTwpu54NDCjGAkxworVClYK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d4e83dc12df14a5a |
|
VISUAL
aHash
|
ffffffffff200000 |
|
VISUAL
dHash
|
26c4d5e6f0e88874 |
|
VISUAL
wHash
|
fffffdff08000000 |
|
VISUAL
colorHash
|
07006000000 |
|
VISUAL
cropResistant
|
26c6d5e6f0e8c85c,c8e8c88c1478f426 |
• Amenaza: Phishing
• Objetivo: Clientes de Santander
• Método: Suplantación de la página de inicio de sesión.
• Exfil: ./Assets/php/config/func.php
• Indicadores: Dominio no coincidente, código ofuscado, Acciones de formulario, Similitud de marca
• Riesgo: Alto
The attacker creates a fake login page that closely resembles the official Santander website. When users enter their credentials, the form submits this data to a server controlled by the attacker. The server uses the captured credentials for account takeover attacks.
Pages with identical visual appearance (based on perceptual hash)
Found 7 other scans for this domain