Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CCE229B4A230E335B1C247E8DA6425287A5FE1DDD7C695B4E388AF11B0D6CECD5150CB |
|
CONTENT
ssdeep
|
384:4r/aJcuvJORmRhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3As0SRWIMd:4r/aJcuvJPhhPhleMeDGCSPxeeWmH5W |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c34638f14e1f4b4e |
|
VISUAL
aHash
|
e0663030f06e0f40 |
|
VISUAL
dHash
|
449cea6bcbcc9c91 |
|
VISUAL
wHash
|
e06676f0f86e4f40 |
|
VISUAL
colorHash
|
30601000000 |
|
VISUAL
cropResistant
|
b466667060c189c1,e89a07b88929a422,80100c4c4c081000,449cea6bcbcc9c91 |
• Ameaça: Phishing
• Alvo: Usuários desavisados
• Método: Engano via formulário de cadastro
• Exfil: wss://gambler-work.com/api/ws
• Indicadores: Domínio recente, Javascript ofuscado, formulário de cadastro.
• Risco: Alto
The site uses a registration form to collect user email addresses and passwords. This information is likely sent to a malicious server.
A promo code field is present; this could be used to gather more information.
Pages with identical visual appearance (based on perceptual hash)