Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D2921029734813341A2724C296A932D5B736F3783B571DE0B05AC579CAAEABFF031E54 |
|
CONTENT
ssdeep
|
192:Ff6xDJ5ks08UE8QIkJsMdlrdlbyklxADVt+lfT01b6rbTa3ElADTpK/0ph/pbMwZ:Ff6xDJas08UEmM7XDuiEIbQgVPeKsaLG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bdc9c23cc3613c96 |
|
VISUAL
aHash
|
ffff83c38383c3ff |
|
VISUAL
dHash
|
0233071717073700 |
|
VISUAL
wHash
|
ffc381818181c3ff |
|
VISUAL
colorHash
|
17030000080 |
|
VISUAL
cropResistant
|
0233071717073700,e30b173333173737 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 12 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)