Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14091656F4104223A2AD301C4BA2517DEF77582EDD5A67BAEA9E8913C0BE7F0384735D1 |
|
CONTENT
ssdeep
|
96:nLfOwRElY8IxJZ2VQsWPO7YOPYoqWXkteZ:zObl7vVTV7NYWP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b8cdcf9338349632 |
|
VISUAL
aHash
|
dbfbc7c3cfe7c7c3 |
|
VISUAL
dHash
|
32221e969e0c0e16 |
|
VISUAL
wHash
|
93c3c3c3c3c3c3c3 |
• Threat: Brand impersonation phishing
• Target: MetaMask users
• Method: Displaying the MetaMask brand on a free hosting website
• Exfil: Not applicable (no data extraction visible, but likely if a login form were present)
• Indicators: Free hosting, domain mismatch, MetaMask branding
• Risk: HIGH - Brand impersonation can trick users into trusting a fake website
Pages with identical visual appearance (based on perceptual hash)