Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T144F207318149683B01F3A3E5A7A6AF2AF2D2921DCF5A0F4463FC838D57CAD50ED62254 |
|
CONTENT
ssdeep
|
384:vJEIIIcIIgrXL7SrmD0g++P0ghtYoxOhdi+QxVQ5hLK30iIUqZrF3qSkE5qddmsk:vJEIIXIIy6+BCdipYJSbExjnsk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ecafe05073c8c785 |
|
VISUAL
aHash
|
80073f8f00d0f0f0 |
|
VISUAL
dHash
|
172f673f50a4a404 |
|
VISUAL
wHash
|
c3873f8f80f0f0f0 |
|
VISUAL
colorHash
|
30002000080 |
|
VISUAL
cropResistant
|
d6b0f9bbb3f3f3fc,1c5c5cd8da4a5a38,69687cf20a3697db,3217563c308f8fa7,172f673f50a4a404 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.