Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16F2366718044693B41F793E6EAB11F7662E5C30DCA1352029AF583AE1FE7C64FC0A57A |
|
CONTENT
ssdeep
|
384:AhDCHXhNkBXfTym5wVksr6qcoPdPcCmP/3Cqr0zo0Px0rb0HPGJA8im2vssKAtt:AueBXfdRqzujrHr4r8l2vsslH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9bcec0d2c413d65b |
|
VISUAL
aHash
|
fc9f0f0f0f0f0f0f |
|
VISUAL
dHash
|
985b5b7a3b3b1a9a |
|
VISUAL
wHash
|
fc090f0f0f0f0f0f |
|
VISUAL
colorHash
|
06400000600 |
|
VISUAL
cropResistant
|
985b5b7a3b3b1a9a,80a2802b0ba080a2,4ece4e4e92464e4e,191b9e8d8d0d5151 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 48 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 2 other scans for this domain