Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15E037271D354ED7B91C2E2D6F731A29F7284D286AB43426683F8C7485BC7D88CC26C96 |
|
CONTENT
ssdeep
|
384:pshwY8OwywZnwswH/5wO/wJ/w8w1mymQ2mtm2mAmlmgmclum2mIlmDtMatJVr9Lv:Y7InLURQ/3MelQ0DiaRcA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd8932f6ce31e60c |
|
VISUAL
aHash
|
fffbfbf8f8e00000 |
|
VISUAL
dHash
|
3032323272049ce4 |
|
VISUAL
wHash
|
fff9f8f8f8e00000 |
|
VISUAL
colorHash
|
11006200000 |
|
VISUAL
cropResistant
|
3839193919382204,3032323272049ce4,179999f6e2f2131d,7664c89aa9c9a8a9,37a6a52a2ba22a7c |
• Threat: Cryptocurrency phishing site
• Target: DemoTrade users
• Method: Fake trading platform stealing login credentials
• Exfil: Data sent to unknown server
• Indicators: Mismatched domain, obfuscated JavaScript, forms present
• Risk: HIGH - Immediate credential theft
Pages with identical visual appearance (based on perceptual hash)