Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19D5474BF604824DFD233C5C720213B1DE032736FEFA5494AEEE6A168DE968107AD4975 |
|
CONTENT
ssdeep
|
1536:l+8m7GugfcaUPOoflVKgUYb6lvaMZXQvCMjn4Z4dZjvz4V8kCMU9vgCMy3Z3S6f4:cEmfU4W8tbl7V7a |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a815d54afbd012f5 |
|
VISUAL
aHash
|
ff0b00000000ffff |
|
VISUAL
dHash
|
80f6fabb37f5cd08 |
|
VISUAL
wHash
|
ff1f02000101ffff |
|
VISUAL
colorHash
|
06002000180 |
|
VISUAL
cropResistant
|
80f6fabb37f5cd08,fafa7abb3333f2fa,0303071f23f1bcbc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)