Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T189B34C703A08B9766AB3439750DE35067239512F940E4820B354ECAE77F9C9EA07BFD9 |
|
CONTENT
ssdeep
|
3072:ys/B7DR6OT9XIKrOni2XjUMAL98n0d2U+C:T/B7DR6OJOni2z458n0d2U+C |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
da49ada652d8d8c6 |
|
VISUAL
aHash
|
ff00000000ffffff |
|
VISUAL
dHash
|
59637991edad4c4d |
|
VISUAL
wHash
|
ff00000000ffffff |
|
VISUAL
colorHash
|
06c40000000 |
|
VISUAL
cropResistant
|
0001456961050013,ad8bb1cd4dcd8d29,3a4b637919d14de5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)