Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1D98111319258983F988387ECF3A0FF1B268782A9D7421955B2FDD79A8BC6D51CE0059C |
| CONTENT ssdeep | 48:QsCeNmTNMgr4SXUpoDo9yZ1H+P9QlqIXeQZfEkQSqMOT97EAdHw0LKZrxH2ADfxl:UWFyWYeQdEylhAqZ9it0NqM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | d71a552e770a5532 |
| VISUAL aHash | 00ffffffe7fffffe |
| VISUAL dHash | 281018304c0c110e |
| VISUAL wHash | 000c3f3fc0fcf8e0 |
| VISUAL colorHash | 070000180c0 |
| VISUAL cropResistant | 209810384c00010e,00000288988c4208 |
• Threat: Possible credit card phishing targeting Aruba.it customers
• Target: Aruba.it customers
• Method: Fake payment form hosted on an unofficial domain to steal credit card information
• Exfil: Unknown, probably to a custom API or email
• Indicators: Unrelated domain, requests credit card data, form with card number and CVV fields
• Risk: MEDIUM - Could lead to financial losses if credit card data is compromised
The phishing page presents a fake payment form impersonating Aruba.it, tricking victims into entering their credit/debit card details (cardholder name, card number, expiry date, and CVV). The data is likely exfiltrated in real-time to the attacker's server for immediate use or sale on dark web marketplaces.
While the primary focus is on payment card data, the harvested information can be used to conduct unauthorized transactions, clone cards, or commit identity theft for financial gain.
┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING EMAIL │
│ - Email mimics Aruba.it Banking alerts │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 2. VICTIM CLICKS MALICIOUS LINK │
│ - Redirects to fake Aruba.it payment page │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 3. VICTIM ENTERS PAYMENT CARD DETAILS │
│ - Fake form collects card data (number, CVV, expiry) │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION │
│ - Card details sent via HTTP POST (form submission) │
└──────────────────────────────────────────────────────────┘
Pages with identical visual appearance (based on perceptual hash)
Found 7 other scans for this domain