Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15E037271D354ED7B91C2E2D6F731A29F7284D286AB43426683F8C7485BC7D88CC26C96 |
|
CONTENT
ssdeep
|
384:pshwY8OwywZnwswH/5wO/wJ/w8w1mymQ2mtm2mAmlmgmclum2mIlmDtMatJVr9Lv:Y7InLURQ/3MelQ0DiaRcA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd8932f6ce31e60c |
|
VISUAL
aHash
|
fffbfbf8f8e00000 |
|
VISUAL
dHash
|
3032323272049ce4 |
|
VISUAL
wHash
|
fff9f8f8f8e00000 |
|
VISUAL
colorHash
|
11006200000 |
|
VISUAL
cropResistant
|
3839193919382204,3032323272049ce4,179999f6e2f2131d,7664c89aa9c9a8a9,37a6a52a2ba22a7c |
• Amenaza: Sitio de phishing de criptomonedas
• Objetivo: Usuarios de DemoTrade
• Método: Plataforma de trading falsa que roba credenciales de inicio de sesión
• Exfil: Datos enviados a servidor desconocido
• Indicadores: Dominio no coincidente, JavaScript ofuscado, formularios presentes
• Riesgo: ALTO - Robo inmediato de credenciales
Pages with identical visual appearance (based on perceptual hash)