Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13DF26271D354ED7B91C2E3D6F731A29F7284D286AB4341A683F8C7485B87D88CC26C96 |
|
CONTENT
ssdeep
|
384:jshwH8Pxwrwbw+wL1TY/w7PwKwLmRmmmAmVmtmHmomcljmAmtlmUtMatMVr9L/Yp:6lMkt9ePxUlc0Uiae+p |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd8932f6ce31e60c |
|
VISUAL
aHash
|
fffbfbf8f8e00000 |
|
VISUAL
dHash
|
3032323272049ce4 |
|
VISUAL
wHash
|
fff9f8f8f8e00000 |
|
VISUAL
colorHash
|
11006200000 |
|
VISUAL
cropResistant
|
3839193919382204,3032323272049ce4,179999f6e2f2131d,7664c89aa9c9a8a9,37a6a52a2ba22a7c |
• Threat: Credential harvesting phishing targeting WYXERA users.
• Target: WYXERA crypto exchange users.
• Method: Fake WYXERA website with forms to steal login credentials.
• Exfil: Data exfiltration method is unknown, likely custom API, potentially to a Telegram or Discord bot.
• Indicators: IP address used as domain, obfuscated Javascript, presence of forms.
• Risk: HIGH - Immediate credential theft.
Pages with identical visual appearance (based on perceptual hash)