Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1CA638AB38042B53B02D3D3D446367B6EF3C2514ECAAE0A8641F4D76A9F87D92CE6151E |
| CONTENT ssdeep | 1536:2V+4j/xjQSUUz9W8H4b44H8dZs5Q4ea4U4q4sNommm/65:2V+4j/xjQSUUz9W868dZsammmw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | f7bb083677080877 |
| VISUAL aHash | 00ffffffff000000 |
| VISUAL dHash | 43082a0c0cf0008a |
| VISUAL wHash | 00ffffffff000000 |
| VISUAL colorHash | 1e000038000 |
| VISUAL cropResistant | 0808080c004c4c00,0040017373050000,4100103230100800,01dca4e4caca8080 |
• Threat: Credential phishing
• Target: Apple customers
• Method: Impersonation via login form
• Exfil: https://samtdpp.com/shop/orderinquiry.php, https://samtdpp.com/bbs/login_check.php, https://samtdpp.com/bbs/password_form_update.php
• Indicators: Domain mismatch, obfuscation, login form.
• Risk: High
The attacker is using a fake login form that mimics an Apple login page. Users are tricked into entering their Apple ID and password, which are then harvested by the attackers.
The attacker likely uses social engineering techniques, such as sending emails or SMS messages, to direct users to the phishing website.