Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17722B557A2913332055702BBFB5B83CEB3718088E32A1B4165BEC25D37D29E5DE276D8 |
|
CONTENT
ssdeep
|
192:f4NfiZd556F9s0m2g0p0kner0I5dUa/DF9udldTJT5X+v:ANKQjuDZrrR0dlpJTUv |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93c76c6c3b396434 |
|
VISUAL
aHash
|
3c7e3c3c3c000000 |
|
VISUAL
dHash
|
68e04c48f8c40195 |
|
VISUAL
wHash
|
fffe7e7e3e000000 |
|
VISUAL
colorHash
|
38007000000 |
|
VISUAL
cropResistant
|
68e04c48f8c40195 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.