Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E0922460475E68EB0107E087E954BF0A7AE280FEFB66970605F45DBF3AF7C24C919219 |
|
CONTENT
ssdeep
|
384:+zM44/MSVWf4ChkqK84rw6jcaJEuSrI7tJGWHJeDr0pfD3E44JElYq:944k1PtjASr2cWQr09I44Jo |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
97186a65b4c6bac5 |
|
VISUAL
aHash
|
00002c0e0e0e7071 |
|
VISUAL
dHash
|
c408d8dcde5ce5c7 |
|
VISUAL
wHash
|
20007e3e2eaef4f3 |
|
VISUAL
colorHash
|
01000038000 |
|
VISUAL
cropResistant
|
c8b0988cd61e666c,cc88a8cecea8888c,a280e0c080a080a0,0105050b2b077ef1,c408d8dcde5ce5c7 |
Fake Russian Government (State Emblems/Passports) login page with 2 forms. Victim enters credentials which are captured and transmitted to attacker's server. Page may impersonate Russian Government (State Emblems/Passports) official login to appear legitimate.
JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.