Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T181241AB063D8D6A5D001D3F893768A75326769E9BF02C60883F05F86EAE189DCC95CD7 |
|
CONTENT
ssdeep
|
1536:7Ucg5wAtlvfvesg9s0Kv4448de/S9ZHB225rVR8gYz5rVR8gYCnkjne12+OEnkjl:gcg5wATvfvesqozs1H1m |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ac49d2ef06833de8 |
|
VISUAL
aHash
|
0000180083ffffff |
|
VISUAL
dHash
|
69f03373332b884c |
|
VISUAL
wHash
|
00001810d3ffffff |
|
VISUAL
colorHash
|
3a400030000 |
|
VISUAL
cropResistant
|
8909c9c9c9094989,372b2b07c00f4c0c,2368f0b2b3b3b3b3,d51555c5e5959555,0b5414d4f5144403 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)