Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19462893F264C58392F335F98B9D5721CE0C3191F4AA59DC2A09BD5797AC3AB49C4809F |
|
CONTENT
ssdeep
|
384:wPR2Y0beW/e7x5Iu8G/KA2Jpph3XdWl5XqnFH/oWTUxfrfu0fxQ:wPR2Y2eW/e7x5Iu8G/KAkpR8+LUVzuAu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b35313135b1b5353 |
|
VISUAL
aHash
|
00ffffffffffffff |
|
VISUAL
dHash
|
49184c00000e2600 |
|
VISUAL
wHash
|
0000031fff819fff |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
1c0c0000000e2400,26195ae949494639 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 149 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)