Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D973727511436E3F118387D5C36CE35AE386D609C767998BDBE8831B338AEA4CD39168 |
|
CONTENT
ssdeep
|
1536:Vb9MVcR1gNcE802amePeyCCM0Au1uIg+C0Ax9mo8Sy:sDEuzAsj5L |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e840a6bc366eb6b2 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
84d383339437270c |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
06010000e00 |
|
VISUAL
cropResistant
|
108a88cbcbc988c8,3a65e5679ab93d25,38789d9c8c8c8d8f,a76464bba3535347,82928ccccc8cb282,c512302327000f0e,948bf3d3832b3393 |
⢠Threat: Financial Investment Fraud
⢠Target: Users seeking automated trading
⢠Method: Phishing landing page harvesting user PII
⢠Exfil: /send (likely to external backend)
⢠Indicators: Obfuscated JS, generic AI hype
⢠Risk: High
The site uses a deceptive landing page to gather personal user data, likely to be used in follow-up scams.
Hides the exfiltration endpoint to prevent automated detection.
Pages with identical visual appearance (based on perceptual hash)