Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T106316A7060859E7B95CA93F05630A71B27D1C286CA8B0B0496FCD79E4FFAD81CD1A168 |
| CONTENT ssdeep | 24:n/CcC1OMN8AlA3s3NBlBMi/nStBJI1QRjHb7gUbzJvcFXVPozvcFXVa:nXCNPICLnMi/G20jfBvcnuvcna |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | f3a38c4ca3666699 |
| VISUAL aHash | ffffe7e7ff0000ff |
| VISUAL dHash | 28284d4d48288000 |
| VISUAL wHash | 2020242400000003 |
| VISUAL colorHash | 06007000000 |
| VISUAL cropResistant | 28084c484d4d4948,0000000000000000,61176171790d5141,0c68106860500000 |
• Threat: Phishing
• Target: AXA customers
• Method: Impersonation via a fake login form
• Exfil: ./Bismllah/index.php
• Indicators: Domain mismatch, Form for credentials
• Risk: High
The attacker is using a fake login form hosted on a different domain (realtyacres.com) to steal the victim's AXA credentials.
Pages with identical visual appearance (based on perceptual hash)
Found 2 other scans for this domain