Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T125049A36D1A224B3926F6C8424359B1E32B7D30CE9531584A7EDC3E92FCBD82CD91A57 |
|
CONTENT
ssdeep
|
768:+wAVi4eqZKArARbA7b221xT3T0zHHgefDMTeGHABb221xl3g:+wAViYZKAr00rTj0zgefDMtghlw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b8c6399e8b3c8e32 |
|
VISUAL
aHash
|
ffffffffffc3c3c3 |
|
VISUAL
dHash
|
288e0e2e40169696 |
|
VISUAL
wHash
|
bfc3c7e7c3818181 |
|
VISUAL
colorHash
|
0e038040000 |
|
VISUAL
cropResistant
|
288e0e2e40169696,33472c0e2d0d5d4c |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 338 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)