Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15913C6F2535805FA3A5BA3D9AC14A309F157988ECE444AC5F5F6C2DC2788DA0AD73387 |
|
CONTENT
ssdeep
|
768:d6H0eZob+emlUcuXwztzvflmRfPkPh19y5MjDvfln:8H0eZob+emlUcuXwztz4Rfi1y5MjD1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9212bded4db29247 |
|
VISUAL
aHash
|
0000040000ffffff |
|
VISUAL
dHash
|
f8f8ece9e0d01010 |
|
VISUAL
wHash
|
000c3c1400ffffff |
|
VISUAL
colorHash
|
0b000000038 |
|
VISUAL
cropResistant
|
174f69abeedaf8b8,bff9ffd819591919,d010101810101010,f8f8f8ccece9e0e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 937 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)