Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E542B63A9142FDBB429386DBEF36736A6355C587D9970A0122F4CA0DCBD1D4DEC02A36 |
|
CONTENT
ssdeep
|
192:z7gMY4Yn2ktR4N+43uR69tMyidpcTuPUKn3m5f2Duim:zEMY4Yn22T43bWIW3JBm |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b836c7c7c3383338 |
|
VISUAL
aHash
|
f7ff870f1f7f8fcf |
|
VISUAL
dHash
|
cc243c3cb8c03818 |
|
VISUAL
wHash
|
63470707071f8f8f |
|
VISUAL
colorHash
|
070010006c0 |
|
VISUAL
cropResistant
|
cc243c3cb8c03818 |
Fake TokenPocket page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.