Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13BC143599208323642DB029BFF7A87DEF36744C6D622178517B8C11C7AE6AC4CD1A4DA |
|
CONTENT
ssdeep
|
96:Tz/OVCiASNWn5yTh6ps40JORjjyF3GTT5ZTBxGbYU2vfKkpb1BRJXWNJhHp4agqd:mgIh/cXxIAKkR1BRtW3hHhAq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed69696996969630 |
|
VISUAL
aHash
|
8181c1ffffffffff |
|
VISUAL
dHash
|
2323036a2a2a2a2a |
|
VISUAL
wHash
|
81818183e3dbebeb |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
2323036a2a2a2a2a,0000a10000002000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.