Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D98111319258983F988387ECF3A0FF1B268782A9D7421955B2FDD79A8BC6D51CE0059C |
|
CONTENT
ssdeep
|
48:QsCeNmTNMgr4SXUpoDo9yZ1H+P9QlqIXeQZfEkQSqMOT97EAdHw0LKZrxH2ADfxl:UWFyWYeQdEylhAqZ9it0NqM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d71a552e770a5532 |
|
VISUAL
aHash
|
00ffffffe7fffffe |
|
VISUAL
dHash
|
281018304c0c110e |
|
VISUAL
wHash
|
000c3f3fc0fcf8e0 |
|
VISUAL
colorHash
|
070000180c0 |
|
VISUAL
cropResistant
|
209810384c00010e,00000288988c4208 |
• Threat: Credit card phishing targeting Aruba.it customers.
• Target: Aruba.it customers.
• Method: Fake payment form to steal credit card details.
• Exfil: Data is sent to hassan2.php.
• Indicators: Domain mismatch (climbwest.com.au vs aruba.it), credit card form, hassan2.php form action.
• Risk: CRITICAL - Real-time credit card theft.
Pages with identical visual appearance (based on perceptual hash)
Found 10 other scans for this domain