Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FA22B512F788722947CB0366BA2193D9F3BA804467500F4C66BFC61EE9C516CC7776AE |
|
CONTENT
ssdeep
|
192:KTHZQQIbRVaI3TfLUqdn0KSlcc/ppNghTZgkTW:KG9bSIDfLUqd0KSlcc/ppNgZda |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f00c8f07686b1f6b |
|
VISUAL
aHash
|
70ff80c0c087e0df |
|
VISUAL
dHash
|
e6861e9f9a2e8332 |
|
VISUAL
wHash
|
305fc0c0c0ffc0ff |
|
VISUAL
colorHash
|
180000001c0 |
|
VISUAL
cropResistant
|
e6861e9f9a2e8332 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.