Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11FB3C7727129793F235786D0B726676A729AC24ACD82078687FD83794FB3CA0FD17448 |
|
CONTENT
ssdeep
|
3072:zHYwprqGCfrqGApK/6qpK/6oapK/6kqw9qYwS:7qw9T |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ba7bc4b2c0c87a87 |
|
VISUAL
aHash
|
fd8781838787ffff |
|
VISUAL
dHash
|
613b3b1b283ded42 |
|
VISUAL
wHash
|
bd01008187877fff |
|
VISUAL
colorHash
|
06000038000 |
|
VISUAL
cropResistant
|
613b3b1b283ded42,71f6b2b6b2f2f256,5a583bdcd4d42324,2b697333332b2b33 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 85 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)