Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D8A244A9CD4159369243899FB4732B8DF2CAC109DC0239D5CBB897D76FC6B82443E71A |
|
CONTENT
ssdeep
|
384:Q153AUr8ZW3ouulx7yWEFPExYJqbUetWYA:C538ZpxMNJCUet3A |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a1ec2313da13137f |
|
VISUAL
aHash
|
fff3f3ffff0f0703 |
|
VISUAL
dHash
|
33262630badbdb9f |
|
VISUAL
wHash
|
00f3f3ffff030101 |
|
VISUAL
colorHash
|
07000200038 |
|
VISUAL
cropResistant
|
3326a630badbdb9f,60606040c4c44060,041059696965e5d1,fbfbe3e3e3e7e3e3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1765 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)