Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19BC1C73551448C3DA63BC2A8D3B5372B61A6C245CA4302F6C7F103BEA7E6D99DC670E8 |
|
CONTENT
ssdeep
|
96:V09TBn9YLfqtHczu9rbUTaZ4KArrCbyTCu:q9TYu9UmZ4KArrWyTCu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b333998c666666cc |
|
VISUAL
aHash
|
e7e7e7e7ffffffef |
|
VISUAL
dHash
|
0c0c4c4d000c000c |
|
VISUAL
wHash
|
e0e0e0e03f3f2727 |
|
VISUAL
colorHash
|
07000000000 |
|
VISUAL
cropResistant
|
0c0c4c4d000c000c |
The phishing kit employs form-based credential harvesting to capture user inputs in real-time. Data is likely intercepted via JavaScript event listeners on form fields, then transmitted to a Discord webhook for exfiltration.
The kit includes functionality to intercept one-time passwords (OTPs) by mimicking legitimate OTP input fields. Captured OTPs are sent alongside credentials to bypass multi-factor authentication.
Contains obfuscated JavaScript with potential credential harvesting and data exfiltration capabilities.
Here's a generic ASCII art attack flow diagram for the phishing attack:
```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT │
│ - Victim receives phishing message │
│ - Directed to fake Banking site │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE │
│ - Mimics legitimate Banking site │
│ - Presents credential input form │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE │
│ - Victim enters Banking credentials │
│ - Data collected by attacker │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION │
│ - Stolen credentials sent to external service │
│ - Single communication channel used │
└──────────────────────────────────────────────────────────┘
```
Here's a generic ASCII art attack flow diagram for the phishing attack:
```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT │
│ - Victim receives phishing message │
│ - Directed to fake Banking site │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE │
│ - Mimics legitimate Banking site │
│ - Presents credential input form │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE │
│ - Victim enters Banking credentials │
│ - Data collected by attacker │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION │
│ - Stolen credentials sent to external service │
│ - Single communication channel used │
└──────────────────────────────────────────────────────────┘
```
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain