Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10BD1B53055107D86A233A294B8A28B4F7307931EDB4A4CB8A3FC9BC1D7DFBD544265A3 |
|
CONTENT
ssdeep
|
96:/FtjNRBXddbDAgFkuQc5DmeOiXHqRkIpuLHgGQkJPuLU7GpkJx2WtR6Bn/XddR:PjNHDAgWEPrKRmLHgGQdLU7GpGc5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b81cc7733cce5930 |
|
VISUAL
aHash
|
ffdfdb8383cff7ff |
|
VISUAL
dHash
|
e394b6363696c492 |
|
VISUAL
wHash
|
ff4711010303777f |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
e394b6363696c492,278f1e1ec7612583 |
โข Threat: Phishing
โข Target: Users visiting a sporting website or brand.
โข Method: Displaying a restricted access message to harvest data or redirect to a malicious site.
โข Exfil: Potentially uses atob, eval, and fromCharCode obfuscation for Javascript, indicating data exfiltration efforts.
โข Indicators: Unrelated domain name, access restriction message, the presence of multiple sports logos and IP.
โข Risk: High
The site uses an 'Access Restricted' page combined with the display of sports team logos to trick the user into believing the site is legitimate or they need to take action. The use of a domain name unrelated to the sports teams or brand.
The presence of Javascript obfuscation strongly suggests that the site may be designed to deliver a malicious payload, or harvest data through a client-side attack.
Pages with identical visual appearance (based on perceptual hash)