Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C4D12FE0C414EE37435386D89BF16B0B73D1C359CB421940A3F883AB5BCAC60DA65AA9 |
|
CONTENT
ssdeep
|
96:TkJ5SzeFvMSfuSTCctutQsSS8lWUQFULeX8NwvFRedXlz/hYfYfGJ:QJ5SzeFdjWcktQ3WI/lTzpsuA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9a5da1c2c1a59e1f |
|
VISUAL
aHash
|
ff000c1c1c1d0f0f |
|
VISUAL
dHash
|
805a392a312ddf1f |
|
VISUAL
wHash
|
ff0e0c1c1c1d0f0f |
|
VISUAL
colorHash
|
02000038000 |
|
VISUAL
cropResistant
|
805a392a312ddf1f,a1ababa95b5b5b59 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 64 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)