www.safraempresas.com.br and www.safraempeesas.com.br
In “Can you spot the Fake” contest, this Phishing attempt is a top-notch effort. Since this is a Brazilian Website, the language itself is difficult for me to understand, but it is not so for our Statistical URL Analyzer.
The first instance, when I viewed both the sites in the browser, it was simply impossible to tell the difference, so had to put these urls through our scanner and out came the result.
Take a look at the screenshots for the real and the fake site, and judge them. One of the best attempts by a scam artist, I would say. Both the domains, differ by just one character , in this case the bold text marks the difference.
Image 1
Image 2
The url for testing has been picked up from Phish Tank (ID: 1531609) and from Google.
Site 1: According to Analyzer www.safraempresas.com.br is a CLEAN Site.
Checking : hxxp://www.safraempresas.com.br/ Downloading Frame : www.safraempresas.com.br/Lado.htm Downloading Frame : www.safraempresas.com.br/principal_nv.htm Downloading Frame : wwws.safraempresas.com.br/pjseguro/cabecalho_login_emp_nv.asp Downloading Frame : www.safraempresas.com.br/menu_inferior.asp Downloading Frame : www.safraempresas.com.br/conteudo.asp Downloading Frame : www.safraempresas.com.br/Verifica_Flash.asp Downloading Script : www.safraempresas.com.br/java/geral.js Downloading Script : www.safraempresas.com.br/java/global.js Results=0 Analysis Time=0.0396613440710914
Site 2: According to the Analyzer www.safraempeesas.com.br one is definitely a Phishing site.
Checking : hxxp://www.safraempeesas.com.br Downloading Frame : prixreleve.ca/-/http:/safraempresas.com.br Fr=2 M1=1 Results=2 Analysis Time=0.00310135081524973
Answer:
Image 2 is that of the original site and Image 1 from the phishing site.
2 Comments
Pingback: To believe or not to believe | Welcome to the eScan Blog
Pingback: SURL Analyzer – Acreditar ou não | Blog do eScan Brasil