Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BFB274F59685181F2683A1C55552BF2562C3C067E246857723E545CE2ACCFF0E8CE37E |
|
CONTENT
ssdeep
|
384:7Ep4M28QcaU3UJ5UM5UiLSwmqKYh9TCTvCGk1osI3fiwq0jCKKzIA:Yp4PBSI97EqjhqLk2F3fiwq0B2IA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93ad0d17ed0d134d |
|
VISUAL
aHash
|
18ffffffff000000 |
|
VISUAL
dHash
|
e80f8a0c4ce8f0f0 |
|
VISUAL
wHash
|
00ffffffff000000 |
|
VISUAL
colorHash
|
060000003c0 |
|
VISUAL
cropResistant
|
f1f0eaeaeaaa6169,0e0e1a8b8e0e0e12,923373726a525252,f0b0002000000000,69418e2061691620,e0cce8f0f0f0f0f0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 1 other scan for this domain