Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E3A329E4D242EC3311B38092A05BD289F77A151BF7190DA07588CAC9B3DE87B857B6F1 |
|
CONTENT
ssdeep
|
768:ybT0TQH7YFUxc5QYt1rdMoaxplo/dXQ59FrnP/4hiVzc+b42NB2jIGrTnzq8QE1N:yefZMoaxplo/RQ59FrnP/4YzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cf96363331398c35 |
|
VISUAL
aHash
|
02ffff3c20300000 |
|
VISUAL
dHash
|
8c69f0f0ccc092d0 |
|
VISUAL
wHash
|
06ffff7c3c780020 |
|
VISUAL
colorHash
|
000000005c0 |
|
VISUAL
cropResistant
|
5b5616859d4c4db0,8c69f0f0ccc092d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 34 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)