Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T13CC142E0C414ED37436286D99BF56B0BB7D1C349CB421D4093F883AB5BCAC60DA256A9 |
| CONTENT ssdeep | 96:nkJ9SzeFvMSfuSTCctuXeDDF0CXSHFSOXNz/JHY3GJ:kJ9SzeFdjWckXeDOLzJGA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | bf37c0c83432b3a5 |
| VISUAL aHash | 000007078fffffff |
| VISUAL dHash | 84634d5d5f130c0c |
| VISUAL wHash | 0000070703ffffff |
| VISUAL colorHash | 07000e00000 |
| VISUAL cropResistant | 0000000000006185,634d5d7f53030c0d,8169858585452940,9b9b3f336b696577,1414448c14280813,b1a1f1f0f0f270f2 |
The phishing kit employs a credential harvester to capture user login credentials for Tiscali Mail. The kit likely intercepts form submissions in real-time, exfiltrating data to a remote server controlled by the attacker.
Secondary attack methods include stealing one-time passwords (OTPs) and payment card details through additional form fields designed to mimic legitimate authentication and payment processes.
Contains obfuscated code with potential credential harvesting and data exfiltration capabilities.
┌──────────────────────────────────────────────────────────┐
│ 1. VICTIM RECEIVES PHISHING EMAIL │
│ - Email mimics Tiscali Mail branding │
│ - Contains link to fake login page │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 2. VICTIM VISITS FAKE LOGIN PAGE │
│ - Page replicates Tiscali Mail interface │
│ - Displays credential input form │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL SUBMISSION │
│ - Victim enters Banking credentials │
│ - Form captures input data │
└────────────────────┬─────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA EXFILTRATION │
│ - Credentials sent via HTTP POST │
│ - Single endpoint receives stolen data │
└──────────────────────────────────────────────────────────┘
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain