Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T174A29921B886897702E3C5E0B235BE1BF0D1F747D94A5A0259ABC54E8FC3CB9FD46194 |
|
CONTENT
ssdeep
|
384:QHFC+M6Vdn0C+lwj82byBTXcxIcl5bwx+8hu6GGRS/2PPXFbyso+W:UFc6VvX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9cc332ccc996633 |
|
VISUAL
aHash
|
9fe7e7fbfbc3c7e5 |
|
VISUAL
dHash
|
204c4cb2b24c5a4a |
|
VISUAL
wHash
|
00e7e7fbfb818181 |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
c8b2928a883333c8,204c4cb2b24c5a4a |
Fake TokenPocket site positioned to capture victims through SEO tactics, typosquatting, or paid advertising. Serves as entry point for multi-stage attacks including credential theft and malware distribution.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.