Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CA613171E008CD37518BE2D12B759F2B32CAC286DA975F0952F0D39EAFA6D95CC4A053 |
|
CONTENT
ssdeep
|
48:TdCGQ7G6SG01f1k/UB01IyB01k/nGVvB01IKB01k/cBioWEfHhpDbTGUTG4skpZA:TEGb6SG4gEfHhpjzTG4skpZA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d8cb268c3b268cbb |
|
VISUAL
aHash
|
c958381818180000 |
|
VISUAL
dHash
|
1191b1b3b3333339 |
|
VISUAL
wHash
|
fdfcfcfc1c1c0100 |
|
VISUAL
colorHash
|
01002000180 |
|
VISUAL
cropResistant
|
c88ef6f2f8f8f0e1,1191b1b3b3333339 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.