Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T100529737320C98371B335F9C69C07229E4C7551FCBA59D8294EA85A92EC3FB99D4409F |
|
CONTENT
ssdeep
|
384:wPuvs7EPXIAopwTvJ6rpH6phelCriXKHFNVeTUFfDf/DVfH:wPuvs7EPXhopwTvJ6ropTcUZr/DpH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b35313135b1b5353 |
|
VISUAL
aHash
|
00ffffffffffffff |
|
VISUAL
dHash
|
49184c0000162600 |
|
VISUAL
wHash
|
00c0c0f8f38190f0 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
1c0c0000000e2400,26195ae949494639 |
โข Threat: Phishing
โข Target: Facebook users
โข Method: Impersonation and redirection
โข Exfil: Facebook login credentials
โข Indicators: Domain mismatch, obfuscated JavaScript, Facebook-like content.
โข Risk: HIGH
The site uses a fake login form to steal Facebook credentials. Users are tricked into entering their login details, which are then harvested by the attackers.
The site uses a message similar to Facebook to increase the user's perception of urgency to login.
Pages with identical visual appearance (based on perceptual hash)