Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1ABA32BE0A241EC2350BB4096F09AD284FB7A551BF7198D703648C9C9B7DE87B457B2F1 |
|
CONTENT
ssdeep
|
768:6iT0TQH7YFUxc5QCm1rdtFAzXJ74YWXQlJxDPXnCLEVzc+b42NB2jIGrTnzq8QEP:6ngZtFAzZ74Y8QlJxDPXnCMzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cf96363331398c35 |
|
VISUAL
aHash
|
02ffff3c20300000 |
|
VISUAL
dHash
|
8c69f0f0ccc092d0 |
|
VISUAL
wHash
|
06ffff7c3c780020 |
|
VISUAL
colorHash
|
000000005c0 |
|
VISUAL
cropResistant
|
5b5616859d4c4db0,8c69f0f0ccc092d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 33 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)