Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F3B231B08585C87750A7A4D1B2B69F2F71E2834AC9430605D2FED3BD9BEADA4FD03461 |
|
CONTENT
ssdeep
|
768:zN18i8ms82WS5sdx+ammmRmDpmDmyBDp38w6j:eo/y5dQUayBDBoj |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ba57cb14056751ec |
|
VISUAL
aHash
|
00998180df89c3fb |
|
VISUAL
dHash
|
7171293eb6312313 |
|
VISUAL
wHash
|
00998181df8fd1ff |
|
VISUAL
colorHash
|
32c00008000 |
|
VISUAL
cropResistant
|
f8f96969c9c9cdc1,888f83a7c3d4c2a2,7171293eb6312313 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5881 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)