Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T123D3B550E22C842F404B61D9E59C6BB7FA849964EFD08500E5EC83CFEA96E11F77B16C |
|
CONTENT
ssdeep
|
3072:yHDPntn+nNHntn+nd2h2Q+T4lsVkneaMITZj9Mzz5CkZOnJRT:yHb2h2Q+T4lsVkneaMITZj9Mzz5CkZO/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
add09b998e662987 |
|
VISUAL
aHash
|
ffefc3c393818101 |
|
VISUAL
dHash
|
9d988e273713336b |
|
VISUAL
wHash
|
ffefc3c393818101 |
|
VISUAL
colorHash
|
0ec00008000 |
|
VISUAL
cropResistant
|
9d988e273713336b,988f2737331b2965 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 220 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)