Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17651CF205189BD2F048392C48FB55B8E67D58321CF530B4512EDC39E9EC6D98DD2B845 |
|
CONTENT
ssdeep
|
48:dJoPDCSEGquo/vGjnYQZV1wpuM6e1e30DUH9Ab0GAkxo9orVClWTbK:rUuSM0YcTwpu54NDCjGAkxworVClYK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d4e83dc12df14a5a |
|
VISUAL
aHash
|
ffffffffff200000 |
|
VISUAL
dHash
|
26c4d5e6f0e88874 |
|
VISUAL
wHash
|
fffffdff08000000 |
|
VISUAL
colorHash
|
07006000000 |
|
VISUAL
cropResistant
|
26c6d5e6f0e8c85c,c8e8c88c1478f426 |
โข Threat: Phishing
โข Target: Santander customers
โข Method: Impersonation of login page.
โข Exfil: ./Assets/php/config/func.php
โข Indicators: Mismatched domain, Obfuscated code, Form actions, Branding similarity
โข Risk: High
The attacker creates a fake login page that closely resembles the official Santander website. When users enter their credentials, the form submits this data to a server controlled by the attacker. The server uses the captured credentials for account takeover attacks.
Pages with identical visual appearance (based on perceptual hash)
Found 7 other scans for this domain