Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A73210309541ED2B4093C6E89770878FB3D4C385CA271B5623F5C7AEAECBD96DD02984 |
|
CONTENT
ssdeep
|
192:z02CJZs9eHLYwwcXetqzSCegomqH1tGOQI9:gLJZGeHLuKum0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ece943929238e1ed |
|
VISUAL
aHash
|
fffffbffff000000 |
|
VISUAL
dHash
|
2b2312372452f0d4 |
|
VISUAL
wHash
|
fdffc3d7df000000 |
|
VISUAL
colorHash
|
070020001c0 |
|
VISUAL
cropResistant
|
032922131f372603,0c3232002aa4940a,8292489696969680,00143070c4d4d4d4 |
• Threat: False association of a legitimate service with a suspicious domain
• Target: Crypto wallet (imToken) users
• Method: Showing imToken's UI without being connected to the real site
• Exfil: No exfiltration detected, screenshot only shows the interface
• Indicators: Suspicious domain (binashealthtips.com), legitimate interface
• Risk: LOW - Misleading association, low risk as it does not steal data directly
Pages with identical visual appearance (based on perceptual hash)