Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T106316A7060859E7B95CA93F05630A71B27D1C286CA8B0B0496FCD79E4FFAD81CD1A168 |
|
CONTENT
ssdeep
|
24:n/CcC1OMN8AlA3s3NBlBMi/nStBJI1QRjHb7gUbzJvcFXVPozvcFXVa:nXCNPICLnMi/G20jfBvcnuvcna |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f3a38c4ca3666699 |
|
VISUAL
aHash
|
ffffe7e7ff0000ff |
|
VISUAL
dHash
|
28284d4d48288000 |
|
VISUAL
wHash
|
2020242400000003 |
|
VISUAL
colorHash
|
06007000000 |
|
VISUAL
cropResistant
|
28084c484d4d4948,0000000000000000,61176171790d5141,0c68106860500000 |
• Threat: Phishing
• Target: AXA customers
• Method: Impersonation via login form on unrelated domain.
• Exfil: ./Bismllah/index.php
• Indicators: Domain mismatch, impersonation of AXA, form action.
• Risk: High
The attacker is using a fake login form to steal the user's AXA login credentials (email and password).
The attacker uses the recognizable AXA logo and a convincing login form to trick users into entering their credentials.
Pages with identical visual appearance (based on perceptual hash)
Found 2 other scans for this domain