Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T100529737320C98371B335F9C69C07229E4C7551FCBA59D8294EA85A92EC3FB99D4409F |
|
CONTENT
ssdeep
|
384:wPuvs7EPXIAopwTvJ6rpH6phelCriXKHFNVeTUFfDf/DVfH:wPuvs7EPXhopwTvJ6ropTcUZr/DpH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b35313135b1b5353 |
|
VISUAL
aHash
|
00ffffffffffffff |
|
VISUAL
dHash
|
49184c0000162600 |
|
VISUAL
wHash
|
00c0c0f8f38190f0 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
1c0c0000000e2400,26195ae949494639 |
• Amenaza: Phishing
• Objetivo: Usuarios de Facebook
• Método: Suplantación y redirección
• Exfil: Credenciales de inicio de sesión de Facebook
• Indicadores: Desajuste de dominio, JavaScript ofuscado, contenido similar a Facebook.
• Riesgo: ALTO
The site uses a fake login form to steal Facebook credentials. Users are tricked into entering their login details, which are then harvested by the attackers.
The site uses a message similar to Facebook to increase the user's perception of urgency to login.
Pages with identical visual appearance (based on perceptual hash)