Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F4A32AE19241EC23547B4092F0ABE289F77A8417F75919903948CAC9F3DB87B857B2F1 |
|
CONTENT
ssdeep
|
768:EBT0TQH7YFUxc5Q4+1rd8f5I+u+KzXKnDr9xZpErIVzc+b42NB2jIGrTnzq8QE1N:EIYZ8f5I+u+KrKnDr9xZpEIzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cf96363331398c35 |
|
VISUAL
aHash
|
02ffff3c20300000 |
|
VISUAL
dHash
|
8c69f0f0ccc092d0 |
|
VISUAL
wHash
|
06ffff7c3c780020 |
|
VISUAL
colorHash
|
000000005c0 |
|
VISUAL
cropResistant
|
5b5616859d4c4db0,8c69f0f0ccc092d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 35 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)