Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T169E10333625471260BA252449534C3BEE34A4E98DB132F6257FB639C42DDA81FDF32D9 |
|
CONTENT
ssdeep
|
192:ATIoekJDIMgEhd8lhj/dBE2wIXPCzl5a7Lc/81:ATPI2dsMJkSo |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c669398e96ba6968 |
|
VISUAL
aHash
|
0000003c3c3c3c3c |
|
VISUAL
dHash
|
19c8c0f4e4e4ece4 |
|
VISUAL
wHash
|
0020007e7e7e7efe |
|
VISUAL
colorHash
|
120000001c0 |
|
VISUAL
cropResistant
|
b2b3d393f2367616,19c8c0f4e4e4ece4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.