Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15223A4B2460DBE7EB24382D9E728333D227D5187D96F0704D6F147B89A45E8AFD23458 |
|
CONTENT
ssdeep
|
384:Xdd178tC28f2v5rzH5VZRcOc+cwcIt3M8AtGcWcvcvcyIe9JtMp81dKoR9zsYTLr:XNr+3ZVMFVPE3MfNEEVKMp4vBoHItCrs |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c716386147c76739 |
|
VISUAL
aHash
|
020f3f7e78f0f0c0 |
|
VISUAL
dHash
|
deffcee0c2c20000 |
|
VISUAL
wHash
|
020f3f7f78f0f0c0 |
|
VISUAL
colorHash
|
08000000c40 |
|
VISUAL
cropResistant
|
deffcee0c2c20000 |
Fake TokenPocket page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.