Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14AD2547340C6283747B2AFD5D6E47B6AE3C24A5ECD520A1ADEF6430C17F5EB1A432528 |
|
CONTENT
ssdeep
|
768:n4oytki88g6LBSRTJfgK6Mo4PMe43Vzkd:9Qki88g6LBSRyVzkd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b91669124996beb6 |
|
VISUAL
aHash
|
0000c7fffffffff9 |
|
VISUAL
dHash
|
d8cc2d203a191313 |
|
VISUAL
wHash
|
000087ffcfcfc9c9 |
|
VISUAL
colorHash
|
06007000000 |
|
VISUAL
cropResistant
|
2d2c38181b391313,d847a8d8d52ac4c4,e46a72333376ece8,4030caccc8c84a30 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 964 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 3 other scans for this domain