Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DA21127140544CA9D102E0D453D1EA4D39DBC622CECB15116AF8879D76FDC82CE645D5 |
|
CONTENT
ssdeep
|
24:I2Co3iZh8Gqhoiw5TdmPyhSr76hcxPwN9uENMSC2E:Im8GGgoi4dmPy9hcxIHxKd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
881d267399dcccd9 |
|
VISUAL
aHash
|
0000181818180800 |
|
VISUAL
dHash
|
cfb3b2b2b2b2b3cf |
|
VISUAL
wHash
|
01191b1b1f1f1f1f |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
cc8e96e8f4c07113,cfb3b2b2b2b2b3cf |
⢠Threat: Phishing
⢠Target: Outlook users
⢠Method: Credential harvesting
⢠Exfil: https://smartforms.dev/submit/696d6c4cc184545ccc21863f
⢠Indicators: Mismatched domain, form action to suspicious site.
⢠Risk: High
The site is designed to collect user credentials by mimicking the Microsoft Outlook login page. Users are prompted to enter their email, domain/username and password. These credentials are then sent to a malicious third-party domain (smartforms.dev).
Pages with identical visual appearance (based on perceptual hash)