Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E9B1977153C01AAAB68B8BE4BB1053B5F34F62F796D2F500A1A4C750F9E5EE0981C7D4 |
|
CONTENT
ssdeep
|
96:Toy+CGuRFjzgITa3vXMMlaZFhWQO0iEwog2sHy9rzOKhoDXzdBt:UlCGSFB2f8MWXU0iYgRy9/OwoDXzdz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c2e17d0f213f350d |
|
VISUAL
aHash
|
00fcffff3c3c3c3e |
|
VISUAL
dHash
|
e2e8d0e9e9e96968 |
|
VISUAL
wHash
|
007cffff383c3c00 |
|
VISUAL
colorHash
|
07200038000 |
|
VISUAL
cropResistant
|
e2e8d0c8e9e1e969,4980801880fefbab,ec13c02f13406000,41829a9e9a620de0,bebfffffdf5fffef,e1e1e4e1796969e8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.