Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12801F1719522DC3A89E2C2EAA6B5572F26C6DB8ACE83170357EC93DD0EDAC81CD05145 |
|
CONTENT
ssdeep
|
12:nww8yLpAqTRD10MV5cOW1fZdIG0lgG9GmBz:nF8Op1RDG+2NjdJaGs |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc33336633cc72cc |
|
VISUAL
aHash
|
0818181818181818 |
|
VISUAL
dHash
|
30b2b2b2b2b2b230 |
|
VISUAL
wHash
|
1818181818181818 |
|
VISUAL
colorHash
|
31018000400 |
|
VISUAL
cropResistant
|
30b2b2b2b2b2b230 |
• Threat: Cryptocurrency trading platform phishing
• Target: Poloniex exchange users
• Method: Fake mobile app interface to steal credentials or cryptocurrency.
• Exfil: WebSocket URLs to potentially capture data.
• Indicators: Domain name differs from official site, uses obfuscation, JavaScript form submission
• Risk: HIGH - Potential theft of cryptocurrency and account credentials
Found 3 other scans for this domain