Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BFC110A75108183E253305ECE52433A62092B31EDBA6191CE3EE937783ECDA7B967C50 |
|
CONTENT
ssdeep
|
96:TcUj11tUbOw7NS+3jRYmRt4xg82129nSDbh+hvb51DoT:4Uj11tUbB7kwXbAcc9SDbh+hPoT |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ecc7933893316cc6 |
|
VISUAL
aHash
|
fff3f3f3f3c3c3ff |
|
VISUAL
dHash
|
1866664626a68678 |
|
VISUAL
wHash
|
ffb1b1b111110103 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
1866664626a68678,25242424a4e0c464 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)