Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10E73C76BD349237111C302527F97A9D5F725806C33B6AB5A2CA4C15C13D9F2D833B7AA |
|
CONTENT
ssdeep
|
1536:WL/HX2liyC9l+2pM/UXlo1D7mLMP19PkNJ1:7yy6W1D7SMPDPkNJ1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e6594c661966595d |
|
VISUAL
aHash
|
00ffe7ffffe7e7ff |
|
VISUAL
dHash
|
30080c0c104d0d20 |
|
VISUAL
wHash
|
00e0e4c02f27e700 |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
0c0c0c0c084d0d20,100030b2b2300010 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.