Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1ED717667D708266D0B92C151FC78B35DA32B4084E142EFAC9E7A508D5ADCFB6C2724DB |
|
CONTENT
ssdeep
|
48:T+SZa03Ol3oNLJj2WxNq5ESHNiT9Rjpm2R+kws7701HK6LnDHh6/Iq:TH2W657HNiT9RJ+F1HKWnDHg |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8f3830937cc74e33 |
|
VISUAL
aHash
|
01013f3f3f3f3f03 |
|
VISUAL
dHash
|
f3b3e561f1e1c9f7 |
|
VISUAL
wHash
|
01013f3f1f3f3f01 |
|
VISUAL
colorHash
|
00007000000 |
|
VISUAL
cropResistant
|
f3b3e561f1e1c9f7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 11 techniques to evade detection by security scanners and make reverse engineering more difficult.