Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16052973B320C983B1B335F9C59D07229E4C3511FCBA59D8294EA95A92EC3FB99E4405F |
|
CONTENT
ssdeep
|
384:wPCOs7EPXIAopwTvJ6rp46pheY9CrhXKHFNVeTURfCf/DVfH:wPCOs7EPXhopwTvJ6rnp+rU1I/DpH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b35313135b1b5353 |
|
VISUAL
aHash
|
00ffffffffffffff |
|
VISUAL
dHash
|
49184c0000162600 |
|
VISUAL
wHash
|
00c0003c7f019fff |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
1c0c0000000e2400,26195ae949494639 |
• Amenaza: Phishing
• Objetivo: Usuarios de Facebook
• Método: Captura de credenciales a través de una página de inicio de sesión falsa
• Exfil: Credenciales de inicio de sesión de Facebook
• Indicadores: Ofuscación, acción de formulario a Facebook
• Riesgo: Alto
The site mimics Facebook's login page to capture user credentials.
JavaScript is used to hide malicious actions.
Pages with identical visual appearance (based on perceptual hash)