Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Type | Algorithm | Hash Value |
|---|---|---|
| CONTENT | TLSH | T1B7C33321C6A41333D205078AD3DB7756679BC1C7CCA2BCB8A1708179DBB9D891CB7DA2 |
| CONTENT | ssdeep | 3072:ekuSKJrjylK2E6IOZuagKI3ImJS2QgIYLQICeIkPksuGIyIhuBn1/ls:vKNQ5Idf3N9ls |
Used to detect visually similar phishing pages based on screenshots
| Type | Algorithm | Hash Value |
|---|---|---|
| VISUAL | pHash | f952c9b62586563c |
| VISUAL | aHash | ffc8000000c7fbfb |
| VISUAL | dHash | 2b18188a0a8a3213 |
| VISUAL | wHash | ffc8800200c7fbfb |
| VISUAL | colorHash | 06c01000000 |
| VISUAL | cropResistant | 2a18188a0a8a3213,0020d0d0d0d02040,d696969311331b59,2921c16170787c7c,9f8d0d8c8f232260 |
• Threat: Financial Phishing
• Target: Investors
• Method: Investment portal front
• Exfil: JavaScript form submission
• Indicators: Obfuscated script, multiple forms
• Risk: High
The site uses a deceptive investment interface to convince users to enter sensitive login information into a fake brokerage portal.
The obfuscated script is used to mask the destination of form data and bypass simple static analysis.