Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10352A439A140253F4543E2C46FA03B9AB39681C5EB371644B5FD572E8EDEE41DC23E29 |
|
CONTENT
ssdeep
|
192:iIm4UWBACZmHYdWFS94NLFF7H3ykRvqex1Rth/LB040kAInK+Xga:q0myWRFr3XSGrwyKKz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c880e6edaf3171d8 |
|
VISUAL
aHash
|
ff7e5c0fd9918180 |
|
VISUAL
dHash
|
e2e0909b33333333 |
|
VISUAL
wHash
|
ff7f5e1dd1818080 |
|
VISUAL
colorHash
|
07e00008000 |
|
VISUAL
cropResistant
|
e2e0909b33333333,9dfdf76b73f2391b,c70b138985043078,b231252323332153 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.