Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content

| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T162E2D9329019683F069BB3D0A771B32A738683DED583171A42FDC71E5BDBE90DD1A4A4 |
| CONTENT ssdeep | 384:FeaJzYbII14iIIIII9hYV5y/HC2l2g6PkCrGCyLElqQPfWpW:gaJ8bIIhIIIIIu5y/HCdg6PrrZTqQnx |

Used to detect visually similar phishing pages based on screenshots

| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 86e3711c9c397396 |
| VISUAL aHash | 00e1f7ff7f181818 |
| VISUAL dHash | 8fcfcbf3e5f1f0f0 |
| VISUAL wHash | 00f1ffdf7f181810 |
| VISUAL colorHash | 19038000000 |
| VISUAL cropResistant | f363d3cadd988c8c,0002c8fcd4440000,8fcfcbf3e5f1f0f0 |

• Threat: Phishing
• Target: People interested in cryptocurrency trading
• Method: Impersonation and attractive offers.
• Exfil: Potentially personal and financial information entered in the form.
• Indicators: Claims of high profits, registration form.
• Risk: High
The attacker aims to steal user credentials (name, email, phone number) by having the user enter them into a fake registration form. The site is related to crypto, so the end goal could also be draining crypto wallets. JavaScript obfuscation detected as well.
There is a possibility of injecting malware after registration.
Pages with identical visual appearance (based on perceptual hash)