Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DA21127140544CA9D102E0D453D1EA4D39DBC622CECB15116AF8879D76FDC82CE645D5 |
|
CONTENT
ssdeep
|
24:I2Co3iZh8Gqhoiw5TdmPyhSr76hcxPwN9uENMSC2E:Im8GGgoi4dmPy9hcxIHxKd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
881d267399dcccd9 |
|
VISUAL
aHash
|
0000181818180800 |
|
VISUAL
dHash
|
cfb3b2b2b2b2b3cf |
|
VISUAL
wHash
|
01191b1b1f1f1f1f |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
cc8e96e8f4c07113,cfb3b2b2b2b2b3cf |
• Ameaça: Phishing
• Alvo: Usuários do Outlook
• Método: Coleta de credenciais
• Exfil: https://smartforms.dev/submit/696d6c4cc184545ccc21863f
• Indicadores: Domínio incompatível, ação de formulário para site suspeito.
• Risco: Alto
The site is designed to collect user credentials by mimicking the Microsoft Outlook login page. Users are prompted to enter their email, domain/username and password. These credentials are then sent to a malicious third-party domain (smartforms.dev).
Pages with identical visual appearance (based on perceptual hash)