Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13E91B807D388B2FA079101C1F91483FCC70A409CAF475F9913D9C05C99B96A9CAB96EF |
|
CONTENT
ssdeep
|
96:TsTotj4ETHtgwKyZ+pS07KwAFGg9EHTpuTCVWas1weSxTI7:F54mHt6oRlFGg9Ezp5m1weS6 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
91464f5353b0ecb9 |
|
VISUAL
aHash
|
0000ffffffffffff |
|
VISUAL
dHash
|
d4c0309c98989898 |
|
VISUAL
wHash
|
0000df8f8d8d8d9d |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
d24d637369494d4d,b09c9898989898b8,4023dcd461680208 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.