Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T198412563A3844817432793D14FC7B26492AA4A9FE5011D019AEC53AD07E9FF4E8673CA |
|
CONTENT
ssdeep
|
48:TBMYYIJjPjzdNfYoHYPTNR87TNlQfyzWrSQT1vpOKICV1:TxYsLjY8YAXm9SQ5vpPBV1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc9c33338c8e3733 |
|
VISUAL
aHash
|
0200181818180000 |
|
VISUAL
dHash
|
0610303030300000 |
|
VISUAL
wHash
|
0f003cbcbcbc0000 |
|
VISUAL
colorHash
|
38000030000 |
|
VISUAL
cropResistant
|
0610303030300000 |
• Threat: Crypto Wallet Drainer
• Target: APX Finance users
• Method: Malicious voting portal
• Exfil: Wallet signature request
• Indicators: Obfuscated JS, new domain
• Risk: High
The site uses a deceptive 'vote' interface to prompt the user to connect their Web3 wallet and sign a transaction that grants the attacker access to assets.
Uses official-looking branding and logos to trick users into believing they are interacting with the genuine APX Finance governance portal.
Pages with identical visual appearance (based on perceptual hash)