Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14FD273F1C68020EF21138FA5E8656B6B72C7916DDA33CD2047BC4F5EE7D9DC0961988A |
|
CONTENT
ssdeep
|
384:xzcywFnc7lGtim1pk7r2PPaL6/e8oJgVMRT6PZTwtJT:xzctxc7lAiX7U3/YRT6PZe |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec966c6c966c9625 |
|
VISUAL
aHash
|
f7ffffffffc1c1c1 |
|
VISUAL
dHash
|
2f12122023131737 |
|
VISUAL
wHash
|
81efdb9dbd818181 |
|
VISUAL
colorHash
|
07e00000000 |
|
VISUAL
cropResistant
|
2f12122023131737 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 37 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)