Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FC0145705522EC3A49E2C2E9A6F4572F26C6DB8ADE83070257EC93DD0EDAD81CD05141 |
|
CONTENT
ssdeep
|
12:hRww8yLpAqTRD10MV5cOW1fZdIG0l5KGmBz:hRF8Op1RDG+2NjdJOKGs |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc31336633dc33cc |
|
VISUAL
aHash
|
0818181818181818 |
|
VISUAL
dHash
|
30b2b2b2b2b2b230 |
|
VISUAL
wHash
|
1818181818181818 |
|
VISUAL
colorHash
|
31008040001 |
|
VISUAL
cropResistant
|
30b2b2b2b2b2b230 |
• Ameaça: Falsificação
• Alvo: Usuários AQBIT
• Método: Falsificação de domínio e JavaScript malicioso.
• Exfil: wss://${window.location.host}`:c=Ol
• Indicadores: Incompatibilidade de domínio, ofuscação, envio de formulário.
• Risco: Alto
The site likely aims to steal login credentials or financial information through a fake login page that closely resembles the legitimate AQBIT platform. The use of obfuscated Javascript may indicate attempts to hide malicious behavior.
This is a potential attack vector, with the malicious javascript trying to execute code.
Pages with identical visual appearance (based on perceptual hash)