Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12E82C6B0201856BF248B87B5FB307B25B27994CEE17FC195E3E8C692AF91CA6CD51350 |
|
CONTENT
ssdeep
|
192:j6b826ty3aBj451515151iHjAkeOFNQWjofVvmlHbV7/0a6bYrM8H9VOW8:R26aaBOLLL4Hjve01iM7YSMY38 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9a96152821b6ebe |
|
VISUAL
aHash
|
0fcb8f0f0e000c46 |
|
VISUAL
dHash
|
1b9b3a1b5c18da9c |
|
VISUAL
wHash
|
0fcf8f0f0f0c0c6e |
|
VISUAL
colorHash
|
39208000240 |
|
VISUAL
cropResistant
|
1b9b3a1b5c18da9c |
• Threat: Cryptocurrency Phishing / Asset Theft
• Target: Trezor users
• Method: Impersonation of hardware wallet services with 'recovery' or 'backup' lures
• Exfil: User credentials or recovery seed phrases
• Indicators: Use of stolen Trezor UI imagery and 'bank reset' conspiracy narratives
• Risk: Critical
The site lures users to input seed phrases or credentials under the guise of an account backup or recovery operation.
Using legitimate-looking UI screenshots to bypass user suspicion.