Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CF2241308488A63B0553E2D9EB70A74BE280C146CE536F46D5F48B5C4FDAFA3CD917A9 |
|
CONTENT
ssdeep
|
192:shUHm4yWoBxm04dcuV2qgdRQCjmD63Lj9kJGNuR/Ua:T19mHBjmD63LjuJDVUa |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fc6f96c2a9c0e8d0 |
|
VISUAL
aHash
|
ff808080c0e0dedf |
|
VISUAL
dHash
|
692a221312053434 |
|
VISUAL
wHash
|
ff80c080c8e0fedf |
|
VISUAL
colorHash
|
06600018000 |
|
VISUAL
cropResistant
|
692a221312053434,5a5226323215143c |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.
Pages with identical visual appearance (based on perceptual hash)