Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11D61977550704E1F3323A565B8E37789A15AC30FCF29AE2476B852F662D2CF4C471929 |
|
CONTENT
ssdeep
|
48:biNRMU7W0sJMeZFFr3j2Fk3pMGMjhLNaNBRW8+U5p3cuQFf+xSFfhJjmtzaPGiUv:b3U9ziF8FcMGMFYW83p3qNZm0OiU7j |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a87068595939f7a6 |
|
VISUAL
aHash
|
0000f7ffffff83ff |
|
VISUAL
dHash
|
82a686b2f2475725 |
|
VISUAL
wHash
|
0000e3ffffff8101 |
|
VISUAL
colorHash
|
0e180008000 |
|
VISUAL
cropResistant
|
868632f2c8577765,0082929292008080,23a60415a5a73a5a,656565092a2f6766,a4eced53ab2b3317,9a9953434a475404,72525b4b4b495a60,e9695595b5d5ce49,e6e2eb4b5a5ab9ad,a52545697414ce2b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)