Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E13294758384473319F281D2ABC957A3E7D980ACD25205092BFDC7ACE3C2C58EA779A4 |
|
CONTENT
ssdeep
|
192:h6j3F6+kcFAdSZb8NE6w9JvpDQbLYdpDzCaU1Is9HC9KpacffbP:yxkkAdSZb8Hw9JgYrPNU1Iutpb3bP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cfa28aaab8b8b8b8 |
|
VISUAL
aHash
|
ff3000000038383c |
|
VISUAL
dHash
|
4560616960616161 |
|
VISUAL
wHash
|
ff38383c303c3c3c |
|
VISUAL
colorHash
|
38000007000 |
|
VISUAL
cropResistant
|
0048159492d52400,0081050505810201,6862606960616961 |
• Amenaza: Phishing / Impersonación
• Objetivo: Usuarios de Jupiter Exchange
• Método: Typosquatting y artículo falso
• Exfil: Probable conexión a drenador de billeteras
• Indicadores: Dominio no oficial .co vs .ag
• Riesgo: Alto
Uses fake news articles to redirect users to malicious dApps designed to request malicious contract approvals.
Copies the brand identity of Jupiter Exchange to gain user trust.