Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T17C552B487241722082A760E7A43F154AE236E559A40940D8FD79CAF72CB9F49F27FF39 |
| CONTENT ssdeep | 24576:1/rypYbgRLqPJaFIrnyUV7odLoNYIicuB1B:1TypYbgRLqPJaFIrnyUV7oeNYIgB1B |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | b762e23f22e23718 |
| VISUAL aHash | e7ffefe70000ffff |
| VISUAL dHash | 4d0c0c4c7179808c |
| VISUAL wHash | c3c3dbc30000fcff |
| VISUAL colorHash | 07003000640 |
| VISUAL cropResistant | 4d0c0c4c7179808c |
• Threat: Credential phishing
• Target: AT&T customers
• Method: Impersonation and form submission
• Exfil: /users/sign_in (probably a redirect)
• Indicators: Domain mismatch, obfuscation, credential form
• Risk: High
The attackers are attempting to steal user credentials by mimicking an AT&T login page. They use a similar design and logo to trick users into entering their account information.
The site uses obfuscated JavaScript (eval, fromCharCode, hex_escape) to make it difficult to analyze the malicious code.
Pages with identical visual appearance (based on perceptual hash)
Found 10 other scans for this domain