Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D3F29572D5D5D473428BB2D0BA796F2B63D2C786C6420A2193F8835C0ECAED1EE1721D |
|
CONTENT
ssdeep
|
768:dQ021KU1VZCubih8Fkl833r+S4XKaxjQh1uKnrywyH:dQx1KU1VZfbih63rGGnrfY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d16bbc381a4f4347 |
|
VISUAL
aHash
|
00ff202800405edf |
|
VISUAL
dHash
|
49cacaca888ab6b6 |
|
VISUAL
wHash
|
00ff28380442ffff |
|
VISUAL
colorHash
|
0e007000000 |
|
VISUAL
cropResistant
|
c9a9d451611953c2,f1304ab262132698,426060c080000000,ef78f8f4f3e1f7cf,282c3838383030b6,49cacaca888ab6b6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)