Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FAC163359461AE37548791D5EBF2A31FA6A18349C3271E0563F483AEAFC6F59CC13086 |
|
CONTENT
ssdeep
|
48:xNpQbqwBOjzTCsRHgWTiS04YsN1i204mNCRfFQmc7IKfi60CbOz+wt89V3Lz74p+:xs89HdTiSD3N1i2Dt5c+wxfpHjz9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e4ec4b1bb03666e1 |
|
VISUAL
aHash
|
fffff7d7ff000000 |
|
VISUAL
dHash
|
2d1227253642d4d4 |
|
VISUAL
wHash
|
fffbd3d7d7000000 |
|
VISUAL
colorHash
|
060020001c0 |
|
VISUAL
cropResistant
|
2f20022725b5344b,083032100994c201,922a9696b6b69292,107068c4d4d4d4c0 |
• Threat: Potential phishing site impersonating imToken
• Target: imToken users globally
• Method: Misleading users to download a potentially malicious app
• Exfil: No direct exfiltration detected, but domain mismatch is suspicious
• Indicators: Recent domain, unrelated domain name, impersonation of imToken brand
• Risk: HIGH - Users may download malicious software
Pages with identical visual appearance (based on perceptual hash)
Found 3 other scans for this domain