Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19D3285B39181DD6B136393D1FFA3B19986D0E247D8360AA0ABFD879D0EC1DA0DD43152 |
|
CONTENT
ssdeep
|
96:tZSnNFisTNKJW8OMqh9ZrIYaXRwphOVxJWHhJSyM/b/jAo/rILX8+yT0vY6tn+Zq:2PU692BXeV7PuDjAKELXZ6PUlCzoF1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
becc61cc8e3ec131 |
|
VISUAL
aHash
|
ffffcf9fbfff8183 |
|
VISUAL
dHash
|
a1831c2c22a00f0f |
|
VISUAL
wHash
|
ff0187879b9f8181 |
|
VISUAL
colorHash
|
07403040000 |
|
VISUAL
cropResistant
|
a1831c2c22a00f0f,3133333333333353,4dc96c4c5858787c |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 19 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)