Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BE130B70A281163F241F97F5F162A76DB1ABD30EDA5B4458B3EC93A227C3DA4DE23150 |
|
CONTENT
ssdeep
|
768:y/+0L/1uAfWS8mXf7RisJXJHHPq2yl25IynLH/mR/JUDtI0/+aaaz:50UG/9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ee34944bcb4b8395 |
|
VISUAL
aHash
|
ffc38381818181ff |
|
VISUAL
dHash
|
06960733134b3308 |
|
VISUAL
wHash
|
ffc38381818189ff |
|
VISUAL
colorHash
|
17000030000 |
|
VISUAL
cropResistant
|
86960731134b3308,00000830b3b33208,2626074135399353 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 30 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)