Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DEA2652060B45A7F1267A3C9AD21DF2DE6DBD149CE078D21A3F9818F17EAED48D02067 |
|
CONTENT
ssdeep
|
384:RIjB2t5uerOzRxHuCaqIubKaiNaga3Hr3YYvVuog8Dj1tFP/PJJbuuFVEaZvhmnz:RI4ue69Vaf/NfaJ6Eco1y04LlzwO/uHs |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b0314f4f53364e4e |
|
VISUAL
aHash
|
00c3c3c3efffffff |
|
VISUAL
dHash
|
d916969e9e1e9e30 |
|
VISUAL
wHash
|
00c3c3c3c3c3c3ff |
|
VISUAL
colorHash
|
06000000006 |
|
VISUAL
cropResistant
|
96969e9e1e1e9620,a9a954525350a9a9,0090cbd1d10b1000,cbc3f1f1c3c5dddd,6b4b942a53958fd8,2424383ddd9d8c0d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)
Found 10 other scans for this domain