Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DA21127140544CA9D102E0D453D1EA4D39DBC622CECB15116AF8879D76FDC82CE645D5 |
|
CONTENT
ssdeep
|
24:I2Co3iZh8Gqhoiw5TdmPyhSr76hcxPwN9uENMSC2E:Im8GGgoi4dmPy9hcxIHxKd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
881d267399dcccd9 |
|
VISUAL
aHash
|
0000181818180800 |
|
VISUAL
dHash
|
cfb3b2b2b2b2b3cf |
|
VISUAL
wHash
|
01191b1b1f1f1f1f |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
cc8e96e8f4c07113,cfb3b2b2b2b2b3cf |
• Threat: Phishing
• Target: Microsoft Outlook users
• Method: Credential harvesting
• Exfil: https://smartforms.dev/submit/696d6c4cc184545ccc21863f
• Indicators: Suspicious domain, form action to external site, impersonation.
• Risk: High
The site impersonates a Microsoft Outlook login page and collects user credentials through a form.
Form data is sent to a suspicious external domain instead of the legitimate service.
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain