Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A7C263B12264113BA11B9AD7AF66373B32FBB1FDD8720110D7FC0AA45BE5D89E823544 |
|
CONTENT
ssdeep
|
384:6lRSWtqY+SAaAxyjiRU74CyZuwq/g2odERYXxOcQv+4nmeUQVGuxBYaHYc1RcWh4:8RHAaAx45/yEwj2MERYXxxS9YwhG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
92922d6ded9296e1 |
|
VISUAL
aHash
|
03646c6c4000007e |
|
VISUAL
dHash
|
96cdcd8d926cd4d4 |
|
VISUAL
wHash
|
47447c7e60047e7e |
|
VISUAL
colorHash
|
38007000000 |
|
VISUAL
cropResistant
|
e8d8aacccdaae4e8,96cdcd8d926cd4d4 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 57 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)