Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T132B2D3E6118147BF01A7F6E37660AB1DF2D4CB87CE27990BF2EA4F66169AC064DC1350 |
|
CONTENT
ssdeep
|
384:ZiPnDOY52H6oqL/ZKFLVYs+wXoN3T9a1soESCGOkKOjsVnVEdwLMknUr8VzzeNr5:ZibB2H6oqL/ZKFLVv+SoZ9a1soflwVne |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8908afe62718dcdd |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
f7f3b3b34d0c535b |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
06000c00000 |
|
VISUAL
cropResistant
|
a5a5a529a5c571bd,ccd469cfb4ed8994,8a888ace6faa888a,730c0e1669535b4b,dff7b3ffb3b3adff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 2 other scans for this domain