Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CB835D709255AD3B92ABC5D1B2B59B6F32E1C349CE87031093F993AD1BC7DE2EE24144 |
|
CONTENT
ssdeep
|
1536:E5RtV6q7m16tV6q7m1iLynPJui7QpaDly6S1airIE:E51OPJ8gJS1Vr1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc08bbf3a2aaec8c |
|
VISUAL
aHash
|
bd18181006c0ffff |
|
VISUAL
dHash
|
51f0b0b4cc141052 |
|
VISUAL
wHash
|
ff18180006c0ffff |
|
VISUAL
colorHash
|
38006000200 |
|
VISUAL
cropResistant
|
51f0b0b4cc141052 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.