Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13023A7B23D476926222F52CFB10B3B0D91C2D2C5C75626D879F8C25C87B5DA0BFE2658 |
|
CONTENT
ssdeep
|
384:C3INGgU7NRuHym0n1qzsMcjcV/f6/wyWrMH4cfne+QH/EVNAvrevmlsBef9j7:zNjym0n1qhcjS8RQHcVNAyvfe13 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
88f474dcdcf1b0d0 |
|
VISUAL
aHash
|
c900c958185d4900 |
|
VISUAL
dHash
|
39999bb3b1ab93d9 |
|
VISUAL
wHash
|
cf49497c595d6d01 |
|
VISUAL
colorHash
|
38001040180 |
|
VISUAL
cropResistant
|
39999bb3b1ab93d9 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 940 techniques to evade detection by security scanners and make reverse engineering more difficult.