Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1967319A83909F5271AB343A710DE14037378122B580D4C60B255FD9EB6F9C9AB16BFE9 |
|
CONTENT
ssdeep
|
1536:ab6B3lUuRNka2wblHbJLwLIz9GguGOjjRnK:aWBDrX2wd9W/guGO4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc663399cc669999 |
|
VISUAL
aHash
|
0018181018180000 |
|
VISUAL
dHash
|
08103020b2320c00 |
|
VISUAL
wHash
|
8c9cbc98989898bc |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
ffffefb3b3f3ffff,08103020b2320c00 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 19 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)