Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EBC43BF093D19AFB40838BE4B460F39AE15B557AEB67E94CE3CC87157BDAC5A8C00590 |
|
CONTENT
ssdeep
|
3072:cMMJwxPHZEOZeiHPCuuUZs5RNL4ZujVgub5tIZ/rvLfqLyPZEfZeiHPCuu1Zs5RQ:crwxP8QCqOeSeCUQwiG+Wxt9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9bf4e49259073656 |
|
VISUAL
aHash
|
66ff00181c043c00 |
|
VISUAL
dHash
|
d4696c70794df0c0 |
|
VISUAL
wHash
|
ffff003c1c0f7c00 |
|
VISUAL
colorHash
|
30000c08000 |
|
VISUAL
cropResistant
|
10082aa32a2a0000,01d4d4d4d1d0d000,2d6c70796ddde002 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 30 techniques to evade detection by security scanners and make reverse engineering more difficult.