Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10B73F8A83959F5271AB343A710DF14037378122B580D4D70B250FDAEB5B8C9AB16BFE9 |
|
CONTENT
ssdeep
|
768:ZduqasKS4UCINc2YRaIjka2bMbCiTHMgsk2Yt+uPYLUcipz9ERsZuGOjjgquCdx8:klUuRNka2wblHbJLwLIz9GguGOjjRnY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc9ce393d8c466cc |
|
VISUAL
aHash
|
fe3c181818000020 |
|
VISUAL
dHash
|
70f030b030004040 |
|
VISUAL
wHash
|
ff7e18181800fc7c |
|
VISUAL
colorHash
|
38000000007 |
|
VISUAL
cropResistant
|
70f030b030004040 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 9 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)