Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17892D734310496BF01434761AFA3E78AA3858745C337C65A82F60379FBCED62CCA5B69 |
|
CONTENT
ssdeep
|
384:99qGHa3D958KqMQB8HU+nTiY28eaPVh2DIkIPDUB6Kee:99qGHa3D95EMQBeU+nTiY289n2LsD+ee |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9232696de6e50cf4 |
|
VISUAL
aHash
|
010f1e3e3e1870f0 |
|
VISUAL
dHash
|
f99dfcec6c61e2c3 |
|
VISUAL
wHash
|
010f1e3f3e3878f8 |
|
VISUAL
colorHash
|
32c40001000 |
|
VISUAL
cropResistant
|
c29ab2ce3a8aa2ba,b65216561672b2b7,f99dfcec6c61e2c3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 122 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)