Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D4E229B4A230D335B1C247E8DA6429687A5FE1DCD7C695B4E388AF11B0D6CECD5260CB |
|
CONTENT
ssdeep
|
384:4r/aJcui8m8RhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3AsEARWEMd:4r/aJcuS6hhPhleMeDGCSPxeeWmHLW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3393ffc6815384c |
|
VISUAL
aHash
|
00242070f0f47670 |
|
VISUAL
dHash
|
4ccccac1c1c4ccc1 |
|
VISUAL
wHash
|
806620f0f0f6fff0 |
|
VISUAL
colorHash
|
30600018000 |
|
VISUAL
cropResistant
|
f8da8cccfb79f1ac,69e8f0b9f8686868,88304c4d4c300882,4ccccac1c1c4ccc1 |
• Threat: Credential harvesting phishing kit
• Target: Unknown brand, possibly sports betting users
• Method: Fake registration form stealing email and password
• Exfil: Data sent to WebSocket API (wss://gambler-work.com/api/ws)
• Indicators: Recent domain, obfuscated JavaScript, suspicious WebSocket URL
• Risk: HIGH - Immediate credential theft
Pages with identical visual appearance (based on perceptual hash)