Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T137919733A208083B55338385A793F269606F829DDD451920E6BE13EE4BE6EF5F533206 |
|
CONTENT
ssdeep
|
96:TG4ZvU6t9gm0iFnkeG1kr/sPqS2/5EZVkyAcZl02cS:jq0MiFgeDVncD3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e4939b6732309b39 |
|
VISUAL
aHash
|
fff3def6f1f1d181 |
|
VISUAL
dHash
|
64e6b4a4e7e7a733 |
|
VISUAL
wHash
|
bff1ded0f0f0c080 |
|
VISUAL
colorHash
|
03000038000 |
|
VISUAL
cropResistant
|
64e6b4a4e7e7a733,36192c6f4304061f,0c1d3b3bb2a8392d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)