Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DA922E309010AA3701D393E2673A5B1BF3E2D294CA630A1927F9C30D6FD7E55CE67669 |
|
CONTENT
ssdeep
|
192:IY4kQmKBZkDOtn1f1RbePAo/zRi5XIaHjm8aKrF9cVfx2pPermJrJYzdaJfByI:IBNkDO11tdm/zavHyfQF9cVfmKdaJpyI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
936d6992b46c8ee1 |
|
VISUAL
aHash
|
066070766e2e6440 |
|
VISUAL
dHash
|
94cac7cccccccdd2 |
|
VISUAL
wHash
|
666072767e6e7460 |
|
VISUAL
colorHash
|
38000600048 |
|
VISUAL
cropResistant
|
94cac7cccccccdd2 |
• Threat: Investment/Crypto Scam
• Target: Cryptocurrency users
• Method: Deceptive landing page with 'recoverable token' claims
• Exfil: Obfuscated JS exfiltration
• Indicators: High-pressure/vague financial terminology
• Risk: Critical
Uses a fake login portal to harvest credentials or seed phrases.
Potential connection to malicious DApps once user logs in.