Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AE52A737320C88370B335F9C59D0B229E4C7551FCBA59C8294EA85A96EC3FB99D5409F |
|
CONTENT
ssdeep
|
384:wPuvs7EPXIAopwTvJ6rpB6phembCrwXKHFNVeTUFfDf/DVfH:wPuvs7EPXhopwTvJ6rypdO6UZr/DpH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b35313135b1b5353 |
|
VISUAL
aHash
|
00ffffffffffffff |
|
VISUAL
dHash
|
49184c0000162600 |
|
VISUAL
wHash
|
00c0c0f8f38190f0 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
1c0c0000000e2400,26195ae949494639 |
• Amenaza: Phishing
• Objetivo: Usuarios de Facebook
• Método: Suplantación e formularios de inicio de sesión maliciosos
• Exfil: https://www.facebook.com/login/device-based/regular/login/?login_attempt=1&lwv=110
• Indicadores: Dominio no relacionado, envío de formulario a la URL de Facebook, ofuscación
• Riesgo: Alto
The attacker aims to steal user credentials by creating a fake Facebook login page. Users are tricked into entering their login details, which are then harvested by the attacker.
Pages with identical visual appearance (based on perceptual hash)