Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A5F2E7726204763A0AE381D1AB25276B73EDD2C8D35B0A125AFDC36C5BC2D57DD32728 |
|
CONTENT
ssdeep
|
384:XuEv55WDOYV3wO9Th58wiDu1V1Kt6x90r5lfzVXAf4upYjkoRgZqgS2395WV:eEhHawO9158wDHKc2RpoAjBngfG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b046e719cccc19cf |
|
VISUAL
aHash
|
67c3e79fcf8fe7e7 |
|
VISUAL
dHash
|
8c0d0c3010980f0c |
|
VISUAL
wHash
|
7fc3001c0c0cffe7 |
|
VISUAL
colorHash
|
07000038000 |
|
VISUAL
cropResistant
|
8c0d0c3010980f0c |
• Amenaza: Posible Estafa
• Objetivo: Usuarios de criptomonedas
• Método: Ofreciendo generación de códigos QR de Bitcoin
• Exfil: Potencialmente a través de Javascript, aunque no está claro.
• Indicadores: Nombre de dominio, entradas de formulario, ofuscación
• Riesgo: Bajo
The site's primary function is to accept and display a user-provided bitcoin address as a QR code. A malicious actor could use this to harvest bitcoin addresses, possibly for phishing or other scams.
The presence of obfuscated javascript makes it possible the site is attempting to record the inputted Bitcoin address.
Pages with identical visual appearance (based on perceptual hash)