Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FC0145705522EC3A49E2C2E9A6F4572F26C6DB8ADE83070257EC93DD0EDAD81CD05141 |
|
CONTENT
ssdeep
|
12:hRww8yLpAqTRD10MV5cOW1fZdIG0l5KGmBz:hRF8Op1RDG+2NjdJOKGs |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc31336633dc33cc |
|
VISUAL
aHash
|
0818181818181818 |
|
VISUAL
dHash
|
30b2b2b2b2b2b230 |
|
VISUAL
wHash
|
1818181818181818 |
|
VISUAL
colorHash
|
31008040001 |
|
VISUAL
cropResistant
|
30b2b2b2b2b2b230 |
• Threat: Impersonation
• Target: AQBIT users
• Method: Domain spoofing & malicious Javascript.
• Exfil: wss://${window.location.host}`:c=Ol
• Indicators: Domain mismatch, obfuscation, form submission.
• Risk: High
The site likely aims to steal login credentials or financial information through a fake login page that closely resembles the legitimate AQBIT platform. The use of obfuscated Javascript may indicate attempts to hide malicious behavior.
This is a potential attack vector, with the malicious javascript trying to execute code.
Pages with identical visual appearance (based on perceptual hash)