Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://online-services.cfd/index.html
Detected Brand
myGov
Country
Australia
Confiança
95%
HTTP Status
200
Report ID
5c688de8-5db…
Analyzed
2026-02-01 23:46
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AAA1313440946D3B524387D5AB766B1AB3D2C214DF931B0696F8C39D8FFADA2CE26214 |
|
CONTENT
ssdeep
|
96:n9S9KNJDt/a+biOGO/qDp8wvpcltCJIFw5vmDeJKH:ksNVt/a+blp/qddKCJIq8DeJM |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b31c1c1c0e66b3f3 |
|
VISUAL
aHash
|
0000efe7ffffffff |
|
VISUAL
dHash
|
20380c4d181c0c0c |
|
VISUAL
wHash
|
0000c7e7c7c7c7e7 |
|
VISUAL
colorHash
|
06007000000 |
|
VISUAL
cropResistant
|
20380c4d181c0c0c |
Análise de Código
Risk Score
50/100
Nível de Ameaça
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Usuários do myGov
• Método: Imitação e colheita de credenciais
• Exfil: hvck33m.php
• Indicadores: Incompatibilidade de domínio, formulário em domínio suspeito, domínio recente
• Risco: ALTO
🔐 Credential Harvesting Forms
📤 Form Action Targets
- hvck33m.php
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Recent Domain
The domain is recently registered (less than 30 days old), which is a common characteristic of phishing sites.
Impersonation
The website closely imitates the myGov login page to steal user credentials.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Credential Harvesting Kit
Alvo
myGov users (Australia)
Método de Ataque
Brand impersonation + credential harvesting forms
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
MEDIUM - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester
🏢 Análise de Falsificação de Marca
Impersonated Brand
myGov
Official Website
https:
Fake Service
myGov login
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The attacker creates a fake login page that mimics myGov and tricks users into entering their login credentials.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domínio
online-services.cfd
Registered
None
Registrar
Unknown
Estado
ACTIVE
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.