Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D792C734310456BF01434761AFA2E78AA7958744C337C69A82F60379FBCED62CCA5B69 |
|
CONTENT
ssdeep
|
384:9zcjJTs8y02Kt6QB8HUDkTiY2CeaPVh2DIkIPDUB6Kee:9zcjJTs8y0B6QBeUDkTiY2C9n2LsD+ee |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9232696de6e50cf4 |
|
VISUAL
aHash
|
010f1e3e3e1870f0 |
|
VISUAL
dHash
|
f99dfcec6c61e2c3 |
|
VISUAL
wHash
|
010f1e3f3e3878f8 |
|
VISUAL
colorHash
|
32c40001000 |
|
VISUAL
cropResistant
|
c29ab2ce3a8aa2ba,b65216561672b2b7,f99dfcec6c61e2c3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 122 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)