Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12D213331909C8C765983E3B867E0E19F2785C750CB1B2A4426FCEB7C9AE1D80CF252D9 |
|
CONTENT
ssdeep
|
24:hRYLBCtO8hrCYOuyCvJV+BvVLEFMD8ldMcBTx0XXJgEuuVyH6yS:TqUNZB+BdyCC7IJgEuuVY6J |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc3333cccc3399cc |
|
VISUAL
aHash
|
0000181818180000 |
|
VISUAL
dHash
|
0000303030300010 |
|
VISUAL
wHash
|
000018181c1c0000 |
|
VISUAL
colorHash
|
38000000e00 |
|
VISUAL
cropResistant
|
0000303030300010 |
Victim enters credentials into 1 fake form. Form data is captured via JavaScript or backend submission and transmitted to attacker's server for account compromise.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)