Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T154F100B45181D63705E3D3D2A275236F63F4828AE913060923F9CB4D5FE9E21ECB6B51 |
|
CONTENT
ssdeep
|
96:TSMtaaXEraaXEsx8cMSJSwkYhfjHhHZAkFnlNKVoc5KbZXU9kufevmiDUy+a+0ki:mM4xd4wkMjByvqc41XUnKzqaXki |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
86e17d1c3c98c7c3 |
|
VISUAL
aHash
|
0260767f3f1f1e04 |
|
VISUAL
dHash
|
96cececcdcfcecfc |
|
VISUAL
wHash
|
0260767f3f3f1e04 |
|
VISUAL
colorHash
|
38000000180 |
|
VISUAL
cropResistant
|
96cececcdcfcecfc |
• Threat: Financial Phishing/Fraud
• Target: Banking customers
• Method: Brand impersonation of a non-existent or misrepresented financial institution
• Exfil: Likely leads to credential harvesting or account opening fraud
• Indicators: Extremely new domain, inconsistent naming on assets, generic site design
• Risk: High
The site mimics a banking portal to trick users into providing personal and banking credentials during an 'Account Opening' flow.
Collection of PII to facilitate unauthorized account access elsewhere.