Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1DA922E309010AA3701D393E2673A5B1BF3E2D294CA630A1927F9C30D6FD7E55CE67669 |
| CONTENT ssdeep | 192:IY4kQmKBZkDOtn1f1RbePAo/zRi5XIaHjm8aKrF9cVfx2pPermJrJYzdaJfByI:IBNkDO11tdm/zavHyfQF9cVfmKdaJpyI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 936d6992b46c8ee1 |
| VISUAL aHash | 066070766e2e6440 |
| VISUAL dHash | 94cac7cccccccdd2 |
| VISUAL wHash | 666072767e6e7460 |
| VISUAL colorHash | 38000600048 |
| VISUAL cropResistant | 94cac7cccccccdd2 |
• Threat: Investment/Crypto Scam
• Target: Cryptocurrency users
• Method: Deceptive landing page with promises of token recovery
• Exfil: Exfiltration via obfuscated JS
• Indicators: Vague financial terminology
• Risk: Critical
Uses a fake login portal to harvest credentials or seed phrases.
Potential connection to malicious DApps once user logs in.