Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T113C15311BB14223C0B5B163FBA6B01FC96778956A34117EDBA5C821DB2508CD83F7BA7 |
|
CONTENT
ssdeep
|
96:Tn/dSGbIQ2SXM5JCm5hZLNplVT60Kb3AGoQ/+60dVNarfMMixvXfGqTarS2Hm:ZIQLc5PhZvT6HoDCDMFOoz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b44f43437c477174 |
|
VISUAL
aHash
|
001cffffffffffff |
|
VISUAL
dHash
|
e0b01636b498b434 |
|
VISUAL
wHash
|
0000838fd7cfdf8f |
|
VISUAL
colorHash
|
06007000400 |
|
VISUAL
cropResistant
|
c9c9525656563636,f89e3234bcd8b434,00056ad4d4940080 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.