Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F7337C736732B9B843CB82EEF73C2A56F3C1889DE5874554B5C9468D13C2C8162A7BB4 |
|
CONTENT
ssdeep
|
1536:a/eC+EsZ/8qMYhQPDawiM2B0wLM2BtwcN2/y9dGXDiJZBlvy40hxwW:aYxhRw9wPFN2aDSw09 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9111ee56a9ee94a9 |
|
VISUAL
aHash
|
00000a0b0f00ffff |
|
VISUAL
dHash
|
259a9a9a9a1a437b |
|
VISUAL
wHash
|
000a0f0f0f0affff |
|
VISUAL
colorHash
|
33c00600000 |
|
VISUAL
cropResistant
|
08000c0c0c002464,fef9e9c1e246c8c1,7438385c3cbc9cac,c800844b73630056,259a9a9a9a9a9adc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 2 other scans for this domain