Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A011EBB39002C43B4163C6C42BD5BB2A33D64659CB5A1F4A23FD52D91AF8E50EC9E088 |
|
CONTENT
ssdeep
|
24:hR/C9nGMNZJu7WkvydqwTpGtx5RRyvAyK//A:Tmnt7JoIpGXRcAN/A |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8d9a336d5ca6a3c8 |
|
VISUAL
aHash
|
1e3f7f7e181a0000 |
|
VISUAL
dHash
|
f8f8f0f0f2d6e2d4 |
|
VISUAL
wHash
|
3f7f7f7e382a0000 |
|
VISUAL
colorHash
|
30006000000 |
|
VISUAL
cropResistant
|
f8f8f0f0f2d6e2d4 |
• Threat: Phishing Redirect
• Target: Vaulto
• Method: JS-based interstitial redirect
• Exfil: Browser redirection
• Indicators: Obfuscated JS, delay-based redirect
• Risk: High
Redirecting users through an intermediate page to prevent direct analysis of the malicious destination.
Uses timed redirects to manage user flow and avoid automated scanning.