Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C441E3F24289B5BB0343A1C4AB12FF59AAC6028ECDA25603E5FD870F9B84E53DC05054 |
|
CONTENT
ssdeep
|
48:Tl6PCItIATJqRBLhxa6ATxNba6ATVpTZi6Azso/VU6AzPap6E4ap6+s3Bg:Tl6ptIATkRVhxa6ATxVa6ATVpI6AzS6h |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc3333cc3393cccc |
|
VISUAL
aHash
|
0000183c18180000 |
|
VISUAL
dHash
|
0c30b2b2b2b23204 |
|
VISUAL
wHash
|
00003c3c3c3c0000 |
|
VISUAL
colorHash
|
07000010180 |
|
VISUAL
cropResistant
|
8e92aaaa82abaa96,0c30b2b2b2b23204 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.
Pages with identical visual appearance (based on perceptual hash)