Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FAA10F10B096BBBB347371DAF312FBD077894386C45B0B9912FE92A52EE1F019767029 |
|
CONTENT
ssdeep
|
48:tlyPBu6rVzzj8c3UBtCTGC1GHC9oCYPajq5Nb3ACHCwnC9CECrCrgyV61k3ZE7Ux:Xy5u+PqycAM7A/bpAreP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9908267788dc7773 |
|
VISUAL
aHash
|
0000081818ffffff |
|
VISUAL
dHash
|
110d32b2b215a251 |
|
VISUAL
wHash
|
0000181899ffffff |
|
VISUAL
colorHash
|
00000000cc0 |
|
VISUAL
cropResistant
|
8696f28271736ded,110d32b2b215a251 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 279 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)