Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T120942BA2731470BFE0D7CABCF9197339D117818BE06B209CA19D9572A74ACC5E93B784 |
|
CONTENT
ssdeep
|
1536:/3F4cSoNM7eOsrGaUxx2QQ8Zr/LmSDqTVq53QlHxh8N6g8XXhjaPnQWT+960uJ+j:/9IZvLDqTj/mN6ZXt1967+ph |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c26c3d9286c39e6d |
|
VISUAL
aHash
|
0600707c2c6e6400 |
|
VISUAL
dHash
|
841cc8cccccccc23 |
|
VISUAL
wHash
|
d6c0f07c7e3e7c00 |
|
VISUAL
colorHash
|
30000600018 |
|
VISUAL
cropResistant
|
555551111acaeda5,aa80842b238480a2,b2005637238000a2,841cc8cccccccc23 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)
Found 2 other scans for this domain