Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A5F2E7726204763A0AE381D1AB25276B73EDD2C8D35B0A125AFDC36C5BC2D57DD32728 |
|
CONTENT
ssdeep
|
384:XuEv55WDOYV3wO9Th58wiDu1V1Kt6x90r5lfzVXAf4upYjkoRgZqgS2395WV:eEhHawO9158wDHKc2RpoAjBngfG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b046e719cccc19cf |
|
VISUAL
aHash
|
67c3e79fcf8fe7e7 |
|
VISUAL
dHash
|
8c0d0c3010980f0c |
|
VISUAL
wHash
|
7fc3001c0c0cffe7 |
|
VISUAL
colorHash
|
07000038000 |
|
VISUAL
cropResistant
|
8c0d0c3010980f0c |
• Ameaça: Possível Golpe
• Alvo: Usuários de criptomoedas
• Método: Oferecendo geração de códigos QR Bitcoin
• Exfil: Potencialmente através de Javascript, embora não esteja claro.
• Indicadores: Nome do domínio, entradas de formulário, ofuscação
• Risco: Baixo
The site's primary function is to accept and display a user-provided bitcoin address as a QR code. A malicious actor could use this to harvest bitcoin addresses, possibly for phishing or other scams.
The presence of obfuscated javascript makes it possible the site is attempting to record the inputted Bitcoin address.
Pages with identical visual appearance (based on perceptual hash)