Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14611946808450A23024383A197D77B5976C2C493E30BBE0419E663BE2BC1F09CEFCAE4 |
|
CONTENT
ssdeep
|
12:hRwMy7FUmO65z8j0hlRt0yZqVy4W3jeJQ5ETyYEms/Gv8MqSgU7UrqoJDcL7Xorx:hR/CtR6M+y4eEyG0Zr1N874m5z9XW8I |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eb1c94b17b4ac4b4 |
|
VISUAL
aHash
|
ffffbf8989f9ffff |
|
VISUAL
dHash
|
008426333bc32400 |
|
VISUAL
wHash
|
fcfc9e8888c8c3c3 |
|
VISUAL
colorHash
|
070000011c0 |
|
VISUAL
cropResistant
|
008426333bc32400 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.