Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A753B57341D4713B41BA85DCD2A9761CE3C7490DEB428F90B3FE46BD9E81DA0AB12789 |
|
CONTENT
ssdeep
|
1536:dhoBP17Nn0ZP71nQnSiVsAuScnBwPgcDSO0XVkES7XsdSz0n/+cA/anwvbfwTi:dhoBP17Nn0ZP71nNE1GBwPgcDSO0Fkf3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c66b6c1b2c3b2c3a |
|
VISUAL
aHash
|
003c3c3c3c3c3c34 |
|
VISUAL
dHash
|
ccc4c4d4ccd4dcc4 |
|
VISUAL
wHash
|
003c3c3c7e3c3c7e |
|
VISUAL
colorHash
|
1b001018080 |
|
VISUAL
cropResistant
|
a02615554d757b23,ccc4c4d4ccd4dcc4,010121313050d0d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)