Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T186229396A0007326498792EA7778375FE3A2504EE22507CC79F9C22D2FF5D44C433EA1 |
|
CONTENT
ssdeep
|
192:pW92N/444WJIe6BBL3fA4nKeSNls/30Mt1NGsE9e4hg:8e444WJ8Bs4nKnA3hbQb9eb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ee93934ab00f689b |
|
VISUAL
aHash
|
fdbf9890f0f0b8ff |
|
VISUAL
dHash
|
697e71566561711c |
|
VISUAL
wHash
|
fd9f9000f0b030ff |
|
VISUAL
colorHash
|
0e000030000 |
|
VISUAL
cropResistant
|
697e71566561711c,8b81a953530981c2,6c68686663306141 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.