Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CF61CC39A101A9B351CBD2E1BBF0975F7B9282C5EE53274253E4C36D4BD5D98CD04171 |
|
CONTENT
ssdeep
|
96:TVo9ALGMcUvE3yAuNgii2gQygWvg5J/R9TO:y9d+vJAuKiilQBWY5BRM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f3866633cc66c899 |
|
VISUAL
aHash
|
e7e4fce4fce4e4f8 |
|
VISUAL
dHash
|
28282808184c4c30 |
|
VISUAL
wHash
|
e6e4f8e0e8e0e0f8 |
|
VISUAL
colorHash
|
070000101c0 |
|
VISUAL
cropResistant
|
28282808184c4c30 |
• Threat: Phishing
• Target: Unspecified (likely documents or files)
• Method: Email harvesting
• Exfil: fromCharCode, unescape, base64_strings
• Indicators: Suspicious domain, request for email, form submission.
• Risk: HIGH
This is a credential harvesting phishing attack. The attacker is attempting to collect email addresses, which could be used for further phishing attempts or to gain access to accounts.
The site uses obfuscated javascript that could be used for a drive-by download of malware.
Pages with identical visual appearance (based on perceptual hash)