Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C92133906081A81FA243D3F52EB1F31CB38BC241CF830F085AE4AABE1AD9ED5C5652D0 |
|
CONTENT
ssdeep
|
24:hRiADLevs5qL0NwMW+3GEYVBEPNFxqQHdus7W+u1:TiADss5Hwe3JmmPgit7Pu1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ef4c94369bd0e191 |
|
VISUAL
aHash
|
bf91f9f9a1e1ffff |
|
VISUAL
dHash
|
62671343634b0045 |
|
VISUAL
wHash
|
bf00f9a000e0ff3f |
|
VISUAL
colorHash
|
070020001c0 |
|
VISUAL
cropResistant
|
62671343634b0045,7171210101010101,0101010181210121 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.