Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12E82C6B0201856BF248B87B5FB307B25B27994CEE17FC195E3E8C692AF91CA6CD51350 |
|
CONTENT
ssdeep
|
192:j6b826ty3aBj451515151iHjAkeOFNQWjofVvmlHbV7/0a6bYrM8H9VOW8:R26aaBOLLL4Hjve01iM7YSMY38 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9a96152821b6ebe |
|
VISUAL
aHash
|
0fcb8f0f0e000c46 |
|
VISUAL
dHash
|
1b9b3a1b5c18da9c |
|
VISUAL
wHash
|
0fcf8f0f0f0c0c6e |
|
VISUAL
colorHash
|
39208000240 |
|
VISUAL
cropResistant
|
1b9b3a1b5c18da9c |
• Amenaza: Phishing de criptomonedas / Robo de activos
• Objetivo: Usuarios de Trezor
• Método: Suplantación de billeteras hardware con engaños de 'recuperación' o 'respaldo'
• Exfil: Credenciales o semillas de recuperación
• Indicadores: Imágenes robadas de la interfaz de Trezor y narrativas sobre 'colapsos bancarios'
• Riesgo: Crítico
The site lures users to input seed phrases or credentials under the guise of an account backup or recovery operation.
Using legitimate-looking UI screenshots to bypass user suspicion.