Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E0234A726332B4A843DB91EEE73C3D56B2D2589DE8CB4550F5C95A8D23C3C806297BB4 |
|
CONTENT
ssdeep
|
768:as5Q+EsZx8/G8qD4QJDaw6M2BPMwGM2BPFCN2/y9dGDTDiJE56ITmH+LCBlvNPqC:as5Q+EsZ/8qsQJDaw6M2B0wGM2BYN2/C |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9111ee6609ee7695 |
|
VISUAL
aHash
|
00000a0a0a00ffff |
|
VISUAL
dHash
|
9c9a9a9a9ada0018 |
|
VISUAL
wHash
|
000a0a0b0f2fffff |
|
VISUAL
colorHash
|
1ec00400000 |
|
VISUAL
cropResistant
|
0000080c0c0c0008,7438385c3cbc9dac,fef9e9c1e2c6ccc1,0000000000000000,6c9a9a9ada9a9ada |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 2 other scans for this domain