Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FFC2C6A493086D3D705383E8DB76337A32BA91D6E70A1214C6FC43B86695D8EED371D8 |
|
CONTENT
ssdeep
|
384:JvUzSiK6BtpWKnP00DhTEwWPPt/wF2GevxG/B0F8:JUxL00DGwWNwF2Tq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
999a676922be88ae |
|
VISUAL
aHash
|
9d0c1c1c18188080 |
|
VISUAL
dHash
|
7958313950d32810 |
|
VISUAL
wHash
|
fddc9e1e1c3d8088 |
|
VISUAL
colorHash
|
38038000000 |
|
VISUAL
cropResistant
|
7958313950d32810 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)