Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18EE229B4A230D335B1C24BE8DA6425287A5FE1DCD7C695B4E398AF11B0D6CECD5260CB |
|
CONTENT
ssdeep
|
384:4r/aMJguMTmLRhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3AssoRWkMd:4r/aMJguZ1hhPhleMeDGCSPxeeWmH7W |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3393ffc6815384c |
|
VISUAL
aHash
|
00242070f0f67670 |
|
VISUAL
dHash
|
4cccdac1c1c4ccc1 |
|
VISUAL
wHash
|
802620f0f0fefff0 |
|
VISUAL
colorHash
|
30600018000 |
|
VISUAL
cropResistant
|
69e8f0b9f8686868,88304c4d4c300882,4cccdac1c1c4ccc1 |
• Ameaça: Phishing
• Alvo: Usuários desavisados
• Método: Engano por meio de um formulário de registro.
• Exfil: wss://gambler-work.com/api/ws
• Indicadores: Domínio recente, dados do formulário, ofuscação JavaScript
• Risco: ALTO
The site uses a registration form to collect user credentials (email, password) and likely sends this data to the attacker. The use of JavaScript obfuscation suggests an attempt to hide malicious activity from security solutions.
The website uses Cristiano Ronaldo’s image to lure users and make the website look more appealing and trustworthy. Claiming a free reward is a further attempt to gain users' trust and have them input their information.
Pages with identical visual appearance (based on perceptual hash)