Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C441EB00842C6C77924361D86BC5FB477667C346CF151949E3F0CA6E5BE6D18CE592B8 |
|
CONTENT
ssdeep
|
48:CpE2wEgKOEYkUVy9wPSNNbPSWI+Bpv3e6hse9hkaaOkHePSW4:irOIRwPSvbPSf |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
83fe6e0103839bfa |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
d0c6ccd8d0d0d0d0 |
|
VISUAL
wHash
|
3f23070730303030 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
808c989080808080,f184acb6b6ac84f3,0e71710e20000000 |
⢠Threat: Credential Phishing
⢠Target: Microsoft Outlook users
⢠Method: Impersonation of Outlook login page
⢠Exfil: Credentials will be stolen
⢠Indicators: Free hosting, brand logo, login form.
⢠Risk: HIGH
The attacker is using a look-alike page to trick users into entering their Outlook credentials.
Use of atob and fromCharCode to obfuscate the code, probably for anti-detection purposes.
Pages with identical visual appearance (based on perceptual hash)