Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14EF27775A102016B8B7B85C9D062BF1EF1A7F30FD25AC8C92AFD55A95FC3CB1B016660 |
|
CONTENT
ssdeep
|
192:6sVR92z+bNovFvFNF4FVFlF2v4RArzKuIZt2R3tP6w0/u4PgN+0urepj6WnKMcox:l9bNmFvFNF4FVFlFe21t2/e6K9a8x3G |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99cc666699999966 |
|
VISUAL
aHash
|
1830381818180018 |
|
VISUAL
dHash
|
2020725230b22030 |
|
VISUAL
wHash
|
3c383c3c3c3c3c3c |
|
VISUAL
colorHash
|
3800b000080 |
|
VISUAL
cropResistant
|
b1f3f97372f2b1d0,00280c4d4c463208,2020725230b22030 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 239 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)