Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T197411D30A0084C2383D2D6E47BFAA71AB6D1C26DCAA31B0557FDC30D5EE7D8AED46240 |
|
CONTENT
ssdeep
|
24:hR/CcuDfTJ0cuSJWQZvwdrQNEN9uym8kRA+QNEO0ec7geUD5z9/jbgjud4zJ8kfo:TXCN4dcaHe8Z+OdSroj/jzd4zOkMVV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eca313923ccd479c |
|
VISUAL
aHash
|
fffffbfbdfffff00 |
|
VISUAL
dHash
|
c40c3333b34c0000 |
|
VISUAL
wHash
|
00e7c1c1d1ffff00 |
|
VISUAL
colorHash
|
07000040006 |
|
VISUAL
cropResistant
|
e2083333b3200000,0080000090000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.
| ID | Portugués | Inglés | Trigger |
|---|---|---|---|
Pages with identical visual appearance (based on perceptual hash)
Found 1 other scan for this domain