Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T114C16573935066A78B1312617109D3EDB20600B6FB176E95E5FB8698C2AD1528C337FF |
|
CONTENT
ssdeep
|
96:T9Q3XztpPM26Dx6YQRUYskzXW9lUjZldQDg5Bg/NrDCPBq3n6o4Cm22XVp6/PR5s:xQH7iEU4elUdldQ2e/0zs7cq5vKbXB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c692929a766c6d69 |
|
VISUAL
aHash
|
3c3c001000303800 |
|
VISUAL
dHash
|
7969436161616161 |
|
VISUAL
wHash
|
3e3e3c303c3c3c3c |
|
VISUAL
colorHash
|
38e00000000 |
|
VISUAL
cropResistant
|
ff9bff7fffffffff,7969436161616161 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.