Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13A4102305019BD735113D2F87BE06F8B21C7C706CB4A294D92F4A3990EE2C4CDEA2249 |
|
CONTENT
ssdeep
|
24:hMs2m7IkWG0vsJhhzR/RxJzr6gVD7VyUylMxnP3MxnflWbajNPqqkyW1A:LUkKUJhhzJRnqOVyUyyxnPcxnt7GyW1A |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
83fe6d0103039bfe |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
d0c6ccccd0d0d0d0 |
|
VISUAL
wHash
|
1f03272700000000 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
808c989880808080,f184acb6b6ac84f3,0e71710e20000000 |
β’ Threat: Phishing
β’ Target: Microsoft Outlook users
β’ Method: Credential harvesting
β’ Exfil: https://api.web3forms.com/submit
β’ Indicators: Domain mismatch, login form
β’ Risk: High
The attacker presents a login form designed to steal usernames and passwords.
Pages with identical visual appearance (based on perceptual hash)
Found 10 other scans for this domain