Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C441EB00842C6C77924361D86BC5FB477667C346CF151949E3F0CA6E5BE6D18CE592B8 |
|
CONTENT
ssdeep
|
48:CpE2wEgKOEYkUVy9wPSNNbPSWI+Bpv3e6hse9hkaaOkHePSW4:irOIRwPSvbPSf |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
83fe6e0103839bfa |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
d0c6ccd8d0d0d0d0 |
|
VISUAL
wHash
|
3f23070730303030 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
808c989080808080,f184acb6b6ac84f3,0e71710e20000000 |
• Ameaça: Phishing de credenciais
• Alvo: Usuários do Microsoft Outlook
• Método: Imitação da página de login do Outlook
• Exfil: Credenciais serão roubadas
• Indicadores: Hospedagem gratuita, logotipo da marca, formulário de login.
• Risco: ALTO
The attacker is using a look-alike page to trick users into entering their Outlook credentials.
Use of atob and fromCharCode to obfuscate the code, probably for anti-detection purposes.
Pages with identical visual appearance (based on perceptual hash)