Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C701D0708091A10923734680B971763AE4C69E4CCB521C547FD8939DCBE4EA5CC8F694 |
|
CONTENT
ssdeep
|
12:hV11A2JjtA4ru56M8IuJWYZ1f2T9SlsGEYT3MjpOrGFFVxNM4:h71AMjtxa6tlWqOpPYTcFO6ZxNN |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e4669b9999336466 |
|
VISUAL
aHash
|
ffe7c3c3c3c3e7ff |
|
VISUAL
dHash
|
688e8e9696968e60 |
|
VISUAL
wHash
|
e0c0c0c0c0c0c0f0 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
688e8e9696968e60,4c45c58cce9ccbeb,95b5b5a8598a92c2,a280a2848c8a80a2,9407c8ccd0c4ccc0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2026 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)