Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18D31F01041484C7BE10394F8E3E6361831CEC2A5CB4D5A0595F582BD5BABE8AFD76498 |
|
CONTENT
ssdeep
|
24:nNCCcHhTLYGXgStGKfXtEFGkVVWhN9uENSG0/JFVMBW0jf6uRf6jh8totjf6jhli:nNWHFLYGXzdoGgWhHx60WavBAJb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
87a61b9bf8640799 |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
e8e0e6e6eee6e1e0 |
|
VISUAL
wHash
|
3f3f332323333f00 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
80808c8c9c8ca190,00304cb2b24c3000 |
• Threat: Credential harvesting phishing kit
• Target: Outlook users
• Method: Fake login form stealing email, username, and password
• Exfil: Data sent to Telegram bot
• Indicators: Unrelated domain, form action to 'send_telegram.php', mismatched branding
• Risk: HIGH - Immediate credential theft
Pages with identical visual appearance (based on perceptual hash)