Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T170F1D8A78188192E353342DCE52673A770A6A32AD7AA150CD2EC933703DDDB7F967C10 |
|
CONTENT
ssdeep
|
96:T0+zx1tUbOw7NhY+7v32AeiR8mRaXCofUbOw7N9AyI+p3h+hvb5sk:Rx1tUbB7fYypTAdfUbB7S+p3h+hWk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9c79338c63139c6 |
|
VISUAL
aHash
|
ffffdfc3fb8787ff |
|
VISUAL
dHash
|
106054d6649a9a60 |
|
VISUAL
wHash
|
fff3fc90f1818030 |
|
VISUAL
colorHash
|
07000007000 |
|
VISUAL
cropResistant
|
106054d6649a9a60 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)