Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1012342B340C328378376EFDA92D87F7EE3C14A5ADD124659CEAA434C47F5DB2A511428 |
|
CONTENT
ssdeep
|
1536:9wkwqVeQSVeFS1ehS1a/EDe4zR/ySaqe/SoejS6e0VSsewSqezSXeFSOmBjRyVzG:9w8RDka/EtR/ybBwLXOrmRyxG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e947121669c7b8bc |
|
VISUAL
aHash
|
0000fbfbdbdfdfd9 |
|
VISUAL
dHash
|
dacc3323333c3333 |
|
VISUAL
wHash
|
0000fbf9d98fcf89 |
|
VISUAL
colorHash
|
07007000040 |
|
VISUAL
cropResistant
|
333343333f393333,d847b8d8d72a6c6c,69697371dcdc7161,e179f9e97979f1f1,e179f9e97979f1f1,4931c1c9c1c1cd31 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 964 techniques to evade detection by security scanners and make reverse engineering more difficult.
Found 3 other scans for this domain