Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D4E229B4A230D335B1C247E8DA6429687A5FE1DCD7C695B4E388AF11B0D6CECD5260CB |
|
CONTENT
ssdeep
|
384:4r/aJcui8m8RhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3AsEARWEMd:4r/aJcuS6hhPhleMeDGCSPxeeWmHLW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3393ffc6815384c |
|
VISUAL
aHash
|
00242070f0f47670 |
|
VISUAL
dHash
|
4ccccac1c1c4ccc1 |
|
VISUAL
wHash
|
806620f0f0f6fff0 |
|
VISUAL
colorHash
|
30600018000 |
|
VISUAL
cropResistant
|
f8da8cccfb79f1ac,69e8f0b9f8686868,88304c4d4c300882,4ccccac1c1c4ccc1 |
• Amenaza: Kit de phishing para robo de credenciales
• Objetivo: Marca desconocida, posiblemente usuarios de apuestas deportivas
• Método: Formulario de registro falso que roba email y contraseña
• Exfil: Datos enviados a API WebSocket (wss://gambler-work.com/api/ws)
• Indicadores: Dominio reciente, JavaScript ofuscado, URL WebSocket sospechosa
• Riesgo: ALTO - Robo inmediato de credenciales
Pages with identical visual appearance (based on perceptual hash)