Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E8D251B3A1C5543B164382C0A5377759E25319DBBECA0DC5F2E7E329321DFD2885226D |
|
CONTENT
ssdeep
|
768:0kzEPpbPbedBPLdfVR5G8C6d4Ve45A1KalWQ7HNl92MZLp7A/tCQmG+Z+L+48KlY:LEPpbPbedBPLNVR5G8C6dJ45A1KalWQ9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b1c32c936cc33cc7 |
|
VISUAL
aHash
|
c7efefefcf87cf83 |
|
VISUAL
dHash
|
0e5e1c1c1e1a1e36 |
|
VISUAL
wHash
|
83e3e3e387878383 |
|
VISUAL
colorHash
|
07400200000 |
|
VISUAL
cropResistant
|
0e5e1c1c1e1a1e36,c5706c4749647468,5898989c9c5e5959 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.