Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17044866C301215AF61B3CAD0B4A1BF07E0E1F30BDE6DE60595EE12156FCBD22A9E1674 |
|
CONTENT
ssdeep
|
1536:YQgsoHf4jJ8rBKish6WMItgFVLEYYvEv5rD9U+Iepav1t4tBj91Vp/7FUZL8R+7E:asoHf4jJ8rBKish6pKgFUgdUZL8R+7E |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ceaf313886258fc6 |
|
VISUAL
aHash
|
010038393c3c0000 |
|
VISUAL
dHash
|
4f61616161616149 |
|
VISUAL
wHash
|
85fc3d3d3c3c3c20 |
|
VISUAL
colorHash
|
30018000400 |
|
VISUAL
cropResistant
|
4f61616161616149 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 66 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)