Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D502B8247218093F62134FD4F9A2FB7CF1A5B28DC92FD468F1B912E643C9E859C62994 |
|
CONTENT
ssdeep
|
96:T5UtMao4y+KpWjaPCfh8VnKMs8A5x1V4p5h3jXxrN36d3T/R+nz3A:OCsWEiVKFv27xwbAA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
efe131cec6388c0e |
|
VISUAL
aHash
|
c0e0f0f0f0b08080 |
|
VISUAL
dHash
|
0040606060601003 |
|
VISUAL
wHash
|
e0f0f8f8f8f8c0e0 |
|
VISUAL
colorHash
|
381c2000000 |
|
VISUAL
cropResistant
|
0040606060601003 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 66 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
| ID | Portuguese | English | Trigger |
|---|---|---|---|