Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T103A26321E940C40A6197C598EBF1A9A93BBD8341D7070754F9BC63B1978ECAC8E7729C |
|
CONTENT
ssdeep
|
384:u3pt1X3IOIcr2UrLMrk65nrzur4XSqbk2S:u3pt1X3IOIcr2Urwr31rKrxqbk2S |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ce8e923269696736 |
|
VISUAL
aHash
|
3c3c3c3800000000 |
|
VISUAL
dHash
|
6021607224000000 |
|
VISUAL
wHash
|
3c1c3c380f0f0f0f |
|
VISUAL
colorHash
|
070010001c0 |
The code presents a fake Google sign-in page. It contains a form requesting email/phone information. The form uses GET method instead of POST, which is unconventional and raises suspicion. It also uses branding to impersonate Google. The external scripts from /js/usecure could be a part of the phishing setup, while innermail.co.uk is a suspicious domain to load Google fonts from. Overall, it's designed to look like a legitimate Google login page and potentially harvest credentials.
Pages with identical visual appearance (based on perceptual hash)
Found 9 other scans for this domain