Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T195B1633021218FB72697D7E07A10FF9971CAA342DB138E04D2F89A6A1FC7D85CC916B1 |
|
CONTENT
ssdeep
|
96:nqYMKIj3VME5kFgwwd/6kmxj6F0OzqfRTu2gX+8sPwK3vi:qYMKIrOExm3a |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b838c6cf3832c739 |
|
VISUAL
aHash
|
ffcf8787c3ffffff |
|
VISUAL
dHash
|
051e1a1b1b001a0c |
|
VISUAL
wHash
|
f080818100363c24 |
|
VISUAL
colorHash
|
07000030040 |
|
VISUAL
cropResistant
|
051e1a1b1b001a0c,18a4a1b9c989899b |
• Ameaça: Phishing
• Alvo: Usuários Aruba.it
• Método: Imitação do login do webmail
• Exfil: ../next.php
• Indicadores: Incompatibilidade de domínio, ofuscação, ações de formulário para um caminho suspeito
• Risco: Alto
The attacker is attempting to steal user credentials by mimicking the Aruba.it login page. Users are tricked into entering their login details on a fake site, which are then harvested by the attacker.
Pages with identical visual appearance (based on perceptual hash)
Found 10 other scans for this domain