Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15C53D63116C26E2F29D393E06760EA45AB4AF344D36B8748A3EC824B7BDAC71FC55174 |
|
CONTENT
ssdeep
|
768:VwAvBsK0o3RK04EOC0mK0T9iI4O2iL8TK0kMk12:/0oQ04Eq0hV4reb07H |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b246b9ec1b3bc612 |
|
VISUAL
aHash
|
0000200004ffcfcf |
|
VISUAL
dHash
|
b8cdccc8cc361f3b |
|
VISUAL
wHash
|
004474046effcfcf |
|
VISUAL
colorHash
|
3220000000b |
|
VISUAL
cropResistant
|
18063e1f3b3b3b3b,a8d5cdc8ecc8cccc,0100000000000000 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)