Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10EA33AF09281EC1351A75186B05BC689F3FA041BF7998DA0714CCECAA3DE837957B5B2 |
|
CONTENT
ssdeep
|
768:QmT0TQH7YFUxc5QiW1rdvUd7l6Bz4XCLvHpVN9SFyVzc+b42NB2jIGrTnzq8QE1N:QtwZvUd7l6BzaCLvHpVN9S0zQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cf96363331398c35 |
|
VISUAL
aHash
|
02ffff3c20300000 |
|
VISUAL
dHash
|
8c69f0f0ccc092d0 |
|
VISUAL
wHash
|
06ffff7c3c780020 |
|
VISUAL
colorHash
|
000000005c0 |
|
VISUAL
cropResistant
|
5b5616859d4c4db0,8c69f0f0ccc092d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 33 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)