Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E8F2D671E310067F241B8BE8F252B77DB0A6D30ACA5B945CB3ECC39117C6D68DE62290 |
|
CONTENT
ssdeep
|
768:jbij/3lt7ToTV8SNXOEZitUot4flYyEVgI9Q/JUDtI0/+aaaO:iMI/k |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fe47bb0469877888 |
|
VISUAL
aHash
|
a08080000000ffff |
|
VISUAL
dHash
|
4c646454a12c5d11 |
|
VISUAL
wHash
|
f69494b01000ffff |
|
VISUAL
colorHash
|
16601010000 |
|
VISUAL
cropResistant
|
fce8f8f4f2f4f8f1,8e04e0c0c0c0d3d2,ac40641919991513,4c64652454a5a1ac,8703316171f18181 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 29 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)