Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17264C9519301213EA12389ECB3787556E3CEF19EEDAB8C9487EDC36D76C9DB4C60085A |
|
CONTENT
ssdeep
|
6144:LWvkaHUcD7dRZh2OSMmv0eQ4QecQZzPA0E7Dv6wvN9CkSR2wdJEK7/Se+2on4FnJ:fAK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
977b6885486c6997 |
|
VISUAL
aHash
|
002e00003e3e3e3e |
|
VISUAL
dHash
|
ce48584ceccce4e4 |
|
VISUAL
wHash
|
222e043e3e3e3e3e |
|
VISUAL
colorHash
|
08006000000 |
|
VISUAL
cropResistant
|
e4c6596943e8b060,cccdf6367371aced,4f6ed3a396c4e8d9,ce48584ceccce4e4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.