Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19BD2B57261C22F37C106C7C4A636679EB3220DAEDFE246A1DEAF0757D387856DB02149 |
|
CONTENT
ssdeep
|
384:4z/9BGyxV+bnt2/jU+WAPiSA54Kt8j2DXI+3KDbXIid:4CyzGtajU+W0iSA53eh+6/XIid |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
88eae2cac8ebe2ca |
|
VISUAL
aHash
|
ff00001818000000 |
|
VISUAL
dHash
|
690ecdb2b2b2f29d |
|
VISUAL
wHash
|
ff00011b1b1f1f1f |
|
VISUAL
colorHash
|
380000001c0 |
|
VISUAL
cropResistant
|
0049016969610904,facd72b2b2b2f28d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 193278 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)