Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1833266733C065D09214B96DBD107B92EC2C1C9CEDAB2169AE1BC857F26F9EB4328950D |
|
CONTENT
ssdeep
|
96:PhCOXoN25H0s7oL0Gu3+DO1thV18RTRYfUMmZDEAlXkFotyafglcr:PRXoId0s7oL03+gtsufKpEADtXfgSr |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c1b79e78cc633066 |
|
VISUAL
aHash
|
feff65607048787c |
|
VISUAL
dHash
|
30f4ccca9292e3e0 |
|
VISUAL
wHash
|
fe7f64607008787c |
|
VISUAL
colorHash
|
1860000a000 |
|
VISUAL
cropResistant
|
e4e4e6a7213265b7,30f4ccca9292e3e0 |
• Ameaça: Phishing de credenciais
• Alvo: Usuários do Wednesday Wine Club
• Método: Portal de login enganoso
• Exfil: Envio de formulário JavaScript
• Indicadores: Código JS ofuscado, nome de domínio genérico
• Risco: Alto
The site captures inputs from the username and password fields and sends them to an external, obfuscated destination via JavaScript.
Attempts to gain user trust by mimicking a legitimate membership club login.