Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14082D6E96BD4A3F8E006F3F4CB3565B67A1734F9B7528B90C2A45E94BA1045DC88DCC1 |
|
CONTENT
ssdeep
|
384:7m4N+9pq017jARzFTaru09XOMsuY3pZbnTJzeWBrH4XeB35/C136dUsUVLTlL/ae:7lVQVVIjbMWBUXEC1fLhFX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bd8ec339c4d266c4 |
|
VISUAL
aHash
|
ff8f838b83838fff |
|
VISUAL
dHash
|
80383737371b18c0 |
|
VISUAL
wHash
|
ff8f838181808efe |
|
VISUAL
colorHash
|
06008000c00 |
|
VISUAL
cropResistant
|
80383737371b18c0,fffffffffffffdfc,0561617979616905,9b8e8ed340c1c341 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)