Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C481D8214145AC76858351C47960BF5817EA83B4C703484DF8E9CF8D2AD3EE5E35B39A |
|
CONTENT
ssdeep
|
96:kSmZGweT13mKZjcAm95UEs7whV4C6j0Ly9/z:fR3Rjc7UdUhVB6uy9/z |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3a3cccc33333166 |
|
VISUAL
aHash
|
ffffe3c3e7ffffe7 |
|
VISUAL
dHash
|
204d4d4d4d32040c |
|
VISUAL
wHash
|
ffffe7c3e7000000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
204d4d4d4d32040c,c080a201a280a280,088bb0b466b0b846 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)