Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F343E732916B2133037B99C075FA5B6A72E3C2ADE8571465A3FC87AC0BDFC62F855502 |
|
CONTENT
ssdeep
|
1536:ss2sB4h26IIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII6:s1UHYqtS9aT7SU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
acb327a6122d32fc |
|
VISUAL
aHash
|
07fffffffff3f000 |
|
VISUAL
dHash
|
dd4b989abce7e360 |
|
VISUAL
wHash
|
07ffcfcfd7203000 |
|
VISUAL
colorHash
|
00601010000 |
|
VISUAL
cropResistant
|
dd6b9b9a92a4e7e3,2300373b2b2f1021,7d3f7bd1552b553b,63e3e3c324a42848 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 485 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)