Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15CF1217265409DB70183E3E6E771E76F7A86D389CA932742A3F9974D0EC7C9ACC50218 |
|
CONTENT
ssdeep
|
96:W3bPzJCvHDLxh1OjzxK8OK58BO4vRl6v42BvlPHMDRJoTO4AP3w2:WngP31OPa+4vRlk2RJoTol |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cece6c646c4e4ed0 |
|
VISUAL
aHash
|
f0ffffff00000000 |
|
VISUAL
dHash
|
6761696906280000 |
|
VISUAL
wHash
|
f0fffffff0000000 |
|
VISUAL
colorHash
|
02e00000000 |
|
VISUAL
cropResistant
|
6761696906280000,0002041616161609 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 51 techniques to evade detection by security scanners and make reverse engineering more difficult.