Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CF61CC39A101A9B351CBD2E1BBF0975F7B9282C5EE53274253E4C36D4BD5D98CD04171 |
|
CONTENT
ssdeep
|
96:TVo9ALGMcUvE3yAuNgii2gQygWvg5J/R9TO:y9d+vJAuKiilQBWY5BRM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f3866633cc66c899 |
|
VISUAL
aHash
|
e7e4fce4fce4e4f8 |
|
VISUAL
dHash
|
28282808184c4c30 |
|
VISUAL
wHash
|
e6e4f8e0e8e0e0f8 |
|
VISUAL
colorHash
|
070000101c0 |
|
VISUAL
cropResistant
|
28282808184c4c30 |
• Amenaza: Phishing
• Objetivo: Usuarios de un repositorio de documentos
• Método: Solicita la dirección de correo electrónico para acceder.
• Exfil: Javascript Ofuscado, probablemente a un servidor backend
• Indicadores: Formularios detectados, envío de formularios JavaScript, marca genérica, solicita información confidencial.
• Riesgo: ALTO
The site uses a form to collect the victim's email address. This information is then likely used for further attacks like password resets, account takeover, or spam campaigns.
Malicious JavaScript code obfuscation hides the true intent and capabilities of scripts to make it harder to detect and analyze
Pages with identical visual appearance (based on perceptual hash)