Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D012A9B350010E6D1B2A579C77C3B25491ECB698D8945C10BFEC8BFE0EDADE1A1D7162 |
|
CONTENT
ssdeep
|
96:tLdRGiWJ4nNBieTNKcRGMbwyWibwyubwNRGIbwGMqh9bwm2UUUVGRGj80KbwEIEg:7WidUcvTJ2UTVG70DEohHuVY1kzptY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d3d26c6c31938367 |
|
VISUAL
aHash
|
407c7e2e00383020 |
|
VISUAL
dHash
|
8cecd8d8d8e0c4c2 |
|
VISUAL
wHash
|
62fc7e7e403c3c60 |
|
VISUAL
colorHash
|
38007000000 |
|
VISUAL
cropResistant
|
a3ababac6b535868,8cecd8d8d8e0c4c2 |
• Threat: Phishing/Brand Impersonation
• Target: WhatsApp users
• Method: Typosquatting and deceptive business service landing page
• Exfil: Unknown (potential credential harvesting)
• Indicators: Mismatched domain, recent registration, obfuscated code
• Risk: High
The site uses a typosquatted domain to appear as a legitimate extension of WhatsApp's service, targeting users looking for workflow/business tools.
Obfuscated scripts may be used to inject malicious behavior once a user interacts with the 'business' tools on the site.
Pages with identical visual appearance (based on perceptual hash)