Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C3A32BF7E39C9964B05367D8F060B36162231179DF0ACB88DA6D45A4F3C3C9E48B79A1 |
|
CONTENT
ssdeep
|
768:QiW2pl6kuwS5WpQ/J0Ff7Bqbvj/m045vJsVy:V0/zqP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d2266d34369c65e3 |
|
VISUAL
aHash
|
0060600e667c7e3c |
|
VISUAL
dHash
|
34c9cbecdcd0e8c4 |
|
VISUAL
wHash
|
0060782e667e7e7e |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
97940c4c8b5b2b8b,c3c8e4cec4c0e132,d48096968c8e80d4,6b6aa5a535b73bb5,372bd55555575759,34c9cbecdcd0e8c4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)