Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F823FDF48359ED57048789CCB65BF780A40742C8CB794A95A2BA8FB7FF44CB621364E4 |
|
CONTENT
ssdeep
|
768:S9Z8Z36QFwZ8ZUm+PwIMtSeBezZbZMoxT+e2P8DSIOiVIOixXF:YZ8Z3paZ8Zn+PvegzZbZoPhI5IFXF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b896574b68e49723 |
|
VISUAL
aHash
|
00072fdf990f0600 |
|
VISUAL
dHash
|
020cdc33337c9c01 |
|
VISUAL
wHash
|
000f7fdf191fc780 |
|
VISUAL
colorHash
|
38e00000000 |
|
VISUAL
cropResistant
|
020cdc33337c9c01 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)