Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A5F2E7726204763A0AE381D1AB25276B73EDD2C8D35B0A125AFDC36C5BC2D57DD32728 |
|
CONTENT
ssdeep
|
384:XuEv55WDOYV3wO9Th58wiDu1V1Kt6x90r5lfzVXAf4upYjkoRgZqgS2395WV:eEhHawO9158wDHKc2RpoAjBngfG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b046e719cccc19cf |
|
VISUAL
aHash
|
67c3e79fcf8fe7e7 |
|
VISUAL
dHash
|
8c0d0c3010980f0c |
|
VISUAL
wHash
|
7fc3001c0c0cffe7 |
|
VISUAL
colorHash
|
07000038000 |
|
VISUAL
cropResistant
|
8c0d0c3010980f0c |
• Threat: Possible Scam
• Target: Cryptocurrency users
• Method: Offering Bitcoin QR code generation
• Exfil: Potentially through Javascript, though unclear.
• Indicators: Domain name, form inputs, obfuscation
• Risk: Low
The site's primary function is to accept and display a user-provided bitcoin address as a QR code. A malicious actor could use this to harvest bitcoin addresses, possibly for phishing or other scams.
The presence of obfuscated javascript makes it possible the site is attempting to record the inputted Bitcoin address.
Pages with identical visual appearance (based on perceptual hash)