Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1052296B21154201F252F9ACB5F295B6E32F765BEE5B30101A7EC47C8DB9AC81ED0E849 |
|
CONTENT
ssdeep
|
192:Gch2RWL340tAAqRZ64v8SkIRhejqS408AAqRZ6wKzuzebu+c:4RWU0gRZ640SXDejK0lRZ6gzeb9c |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
92926d6d64929ee5 |
|
VISUAL
aHash
|
7e2c2c6c00180000 |
|
VISUAL
dHash
|
f4c9c9c9d130b270 |
|
VISUAL
wHash
|
ff7e7c6c003c1838 |
|
VISUAL
colorHash
|
31230000000 |
|
VISUAL
cropResistant
|
8084c3f2f2f3bcf8,f4c9c9c9d130b270 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)