Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T181A27370518A693B01A3C6D2E67667ABB2E1860EDB039651E3FC635F0FCBF94ED55200 |
|
CONTENT
ssdeep
|
384:j3jAA8GY01kxlSVnfLUTGt8f15TmfLProUa87mV:j3jAAVY01kxEJfLUT3f15TmfwUf7mV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e31eb146b1ce1ab8 |
|
VISUAL
aHash
|
0000183c0020ffef |
|
VISUAL
dHash
|
e89669691ee0c61e |
|
VISUAL
wHash
|
ff001c3c0030ffef |
|
VISUAL
colorHash
|
020000001c0 |
|
VISUAL
cropResistant
|
800080a080008000,ccb3b3c5c566c080,e4e01c00969e9e9e,20069669694410e4,2c3d3d2b230301c1,e7e7e7e7e7e7e7e6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 41 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)