Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C33275B25140201E561B8ACB9F256B6C32BB20BFDAFB4501F7ED87C5DBE9C91ED06844 |
|
CONTENT
ssdeep
|
192:GAe2fO640TAAqRZ6swMNgdKLwSYzMg9W407AAqRZ6lIljkk/:120WRZ6svN5wSY4gj0ORZ6eljkk/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9393ec6cb4928e65 |
|
VISUAL
aHash
|
7e6c2c6c00180000 |
|
VISUAL
dHash
|
f4c8c8c9d830f070 |
|
VISUAL
wHash
|
ff7e7c7c60181818 |
|
VISUAL
colorHash
|
31e00000000 |
|
VISUAL
cropResistant
|
f4c8c8c9d830f070 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 34 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)