Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E5B1D93055607D4762336394B8A2870E6607D30EDB064CF8A3E89AD6D7DFFE445266A3 |
|
CONTENT
ssdeep
|
96:ac0QXddbCpBFkuQc5DmeOiXHqRkIpuOi45IkJoWtR6Bn/XddR:JCpBWEPrKRmOi45I6c5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b81cc7733cce5930 |
|
VISUAL
aHash
|
ffdfdb8383cff7ff |
|
VISUAL
dHash
|
e394b7363696c49a |
|
VISUAL
wHash
|
ff4711010303777f |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
e394b7363696c49a,278f1e1ec7612583 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1186 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)