Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T193A10F37A34453F54EE302D0E92096FDF20A10D4E602BE2D6BE68359659968D8CB63B6 |
|
CONTENT
ssdeep
|
96:TQj9Nryd2qSv7nPMAc9g0lJy7eNxfVIqwKV57gLZ9L:EjXBTQZRnfVIqt57g/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b80f1a0db8cf1e4d |
|
VISUAL
aHash
|
000000ffffffffff |
|
VISUAL
dHash
|
fbffd116961e1e9c |
|
VISUAL
wHash
|
000000ffcfdfcfc7 |
|
VISUAL
colorHash
|
07000180050 |
|
VISUAL
cropResistant
|
99194a8c5a6ae6bc,dfd134161e1e1e9c,fffff3f3f9fbffff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.