Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T116333AF93955B5521BB380E2A0AF359BB33E242BB80C49E06150DF9974F8499507BF8E |
|
CONTENT
ssdeep
|
768:nyWuCyPW/u11s2rR5SML/5u1nUoMX8Utiku1lvJYQJpSxHyOzxHRBaW/Sy3sIWjd:l3vaQKyOloQzZs8oWQbp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9f56d0c253720e1f |
|
VISUAL
aHash
|
fc9f07071f3fef8f |
|
VISUAL
dHash
|
cc307f0d78701a1a |
|
VISUAL
wHash
|
7c030707073f8f8f |
|
VISUAL
colorHash
|
07000000e00 |
|
VISUAL
cropResistant
|
cc307f0d78701a1a,41451b8ca46b5543 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 701 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)