Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T122147394F2E29C32311F81F2A4A467090192FBBBC7411BC767B146B5DBF58BD384E299 |
|
CONTENT
ssdeep
|
6144:IiHtk4RYYH0S6525PY/dxxaq85kJo6ReUcc+N:0grUcH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3640c5973665f26 |
|
VISUAL
aHash
|
007fe7e7e7efffff |
|
VISUAL
dHash
|
04b28c4d4c4ca0ec |
|
VISUAL
wHash
|
0000e7e7e7e7073e |
|
VISUAL
colorHash
|
06007000040 |
|
VISUAL
cropResistant
|
8000c082a2800080,b88c4d4c4d50a4f0,4145808280c02120,09f27676ca66cf7c |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)