Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11562B76273152A3E4A77CB90F645B33DA25DF308C525D138F1EC12A823C6EE9D6A3B44 |
|
CONTENT
ssdeep
|
192:AGr1eh8VacD1FyYdM4KE1O9AZyK/JyKH4mV1FyztmutW:AGr128VacD1zdM4W9AZyyH4mV1UtmaW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c9cb63634d69296 |
|
VISUAL
aHash
|
263f3c1800003c00 |
|
VISUAL
dHash
|
d43270b232c8d408 |
|
VISUAL
wHash
|
7f3f3f38003c7e00 |
|
VISUAL
colorHash
|
38000600c00 |
|
VISUAL
cropResistant
|
d43270b232c8d408 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 68 techniques to evade detection by security scanners and make reverse engineering more difficult.