Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T161E16712F040113F0273A8D5F0657F2A66D3F34ECA0AA4125BF942982FFBF6075256BA |
|
CONTENT
ssdeep
|
96:nsDdYRr7OLsrSw9oAEAk1fOYV1fdFST2STwMFPrMV+p/2m++Tq/:nsDdYRr7OLs5EAAfzHfC/XFli+M |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b20fe48e7b09f415 |
|
VISUAL
aHash
|
0707070707070707 |
|
VISUAL
dHash
|
cccdcc0d0dcccd8d |
|
VISUAL
wHash
|
0f070f0f0f0f0fc7 |
|
VISUAL
colorHash
|
03400038000 |
|
VISUAL
cropResistant
|
e0e4ecececccccc8,a1b2a09686a0a0a0,c01829a8a8a8d6c4,fefef8c0c8e0f0f8,e0f0a08212e0e2e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain