Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BC821F71414AA127233749C8EC725B1D60E3DB2DCD231C869ABC97CFBFD1DA1AD1548A |
|
CONTENT
ssdeep
|
384:CmrgbpkwMmMv0qi0YzruF85nGglhbX7tl1s7f:7stkwMkXhbX7tla7f |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c31c3c63c3ccc739 |
|
VISUAL
aHash
|
00003c3c3c3c0000 |
|
VISUAL
dHash
|
4a3671694949418b |
|
VISUAL
wHash
|
00803cfdbeffc1c1 |
|
VISUAL
colorHash
|
06600010000 |
|
VISUAL
cropResistant
|
74032a2a2c0e1815,4a3671694949418b,c8c4e78894d65cb6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1095 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)