Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D3B3BA21D2C35E3FF157C3A169B84B094334498CCFE20B6C69BF37A7E24A9A56637149 |
|
CONTENT
ssdeep
|
1536:2NS7raBRJdtg1uuIb3XhQ0IpzRqvrsO3dvrsaWF:K0mnhmWsksHF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9ab1311b1b7165e5 |
|
VISUAL
aHash
|
1c3c3c3c3c3c3c3c |
|
VISUAL
dHash
|
7171696969616161 |
|
VISUAL
wHash
|
1c3c3c3c3c3c3c3c |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
7171696969616161 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 49 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)