Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T162E2D9329019683F069BB3D0A771B32A738683DED583171A42FDC71E5BDBE90DD1A4A4 |
| CONTENT ssdeep | 384:FeaJzYbII14iIIIII9hYV5y/HC2l2g6PkCrGCyLElqQPfWpW:gaJ8bIIhIIIIIu5y/HCdg6PrrZTqQnx |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 86e3711c9c397396 |
| VISUAL aHash | 00e1f7ff7f181818 |
| VISUAL dHash | 8fcfcbf3e5f1f0f0 |
| VISUAL wHash | 00f1ffdf7f181810 |
| VISUAL colorHash | 19038000000 |
| VISUAL cropResistant | f363d3cadd988c8c,0002c8fcd4440000,8fcfcbf3e5f1f0f0 |
• Threat: Phishing
• Target: Individuals interested in crypto trading
• Method: Impersonation and enticing offers.
• Exfil: Potentially personal and financial information entered into the form.
• Indicators: High-profit claims, registration form.
• Risk: High
The attacker aims to steal user credentials (name, email, phone number) by having the user enter them into a fake registration form. The site is related to crypto, so the end goal could also be draining crypto wallets. JavaScript obfuscation was also detected.
There is a possibility of injecting malware after registration.
Pages with identical visual appearance (based on perceptual hash)