Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
No screenshot available
Informações de Detecção
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15F21DC71111869B32582E2D96176F78FF2C28205EB872344E6F1D3DE9BDEC94CC096C0 |
|
CONTENT
ssdeep
|
24:n/CbrDfJACfZhgbbCW7Yp2eQxPgJ7HAzzM:nWvxhRe/Clp2eQxP0HAzzM |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b366cc9932663399 |
|
VISUAL
aHash
|
ffffe7e7efefffff |
|
VISUAL
dHash
|
8d224c4d595e6295 |
|
VISUAL
wHash
|
07070707071f3f3f |
|
VISUAL
colorHash
|
07000000007 |
|
VISUAL
cropResistant
|
8d224c4d595e6295,4040a2d8c820c0c0 |
Análise de Código
🔒 Obfuscation Detected
- base64_strings
📡 API Calls Detected
- set_captcha_validated.php
🔬 Análise Integral de Ameaças
⚠️ Indicators of Compromise
- Kit types: OTP Stealer
- 1 obfuscation techniques
⚔️ Metodologia de Ataque
Primary Method: OTP Interception
The phishing kit employs an OTP stealer to capture one-time passwords sent via SMS or authenticator apps. Victims are tricked into entering OTPs on the fake page, which are then forwarded to the attacker in real-time for immediate account takeover.
Secondary Method: Credential Harvesting
Alongside OTP interception, the kit captures usernames and passwords entered by victims. These credentials are likely stored or exfiltrated for later use in unauthorized access to accounts.
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for mondialrelayy.cloudaccess.host
Found 2 other scans for this domain
