Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CF61CC39A101A9B351CBD2E1BBF0975F7B9282C5EE53274253E4C36D4BD5D98CD04171 |
|
CONTENT
ssdeep
|
96:TVo9ALGMcUvE3yAuNgii2gQygWvg5J/R9TO:y9d+vJAuKiilQBWY5BRM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f3866633cc66c899 |
|
VISUAL
aHash
|
e7e4fce4fce4e4f8 |
|
VISUAL
dHash
|
28282808184c4c30 |
|
VISUAL
wHash
|
e6e4f8e0e8e0e0f8 |
|
VISUAL
colorHash
|
070000101c0 |
|
VISUAL
cropResistant
|
28282808184c4c30 |
• Threat: Phishing
• Target: Users of a document repository
• Method: Requests email address for access.
• Exfil: Obfuscated Javascript, likely to a backend server
• Indicators: Forms detected, JavaScript form submission, generic branding, requests sensitive info.
• Risk: HIGH
The site uses a form to collect the victim's email address. This information is then likely used for further attacks like password resets, account takeover, or spam campaigns.
Malicious JavaScript code obfuscation hides the true intent and capabilities of scripts to make it harder to detect and analyze
Pages with identical visual appearance (based on perceptual hash)