Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T145B3FFB3C142A53702A3C2D56735BB6EB3C2514FCA570A9282F9C36E9F87C92ED2151D |
| CONTENT ssdeep | 3072:2B/1OWz6B/Jpy7J8A8EkVokoxogoHo2olo0oRokoxogoHo2olo0o4SSSS:2B/1OWz6B/Jpy7RkVokoxogoHo2olo0d |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | ce46b930c7b839c5 |
| VISUAL aHash | 303030303000ffff |
| VISUAL dHash | 6364606164e3350a |
| VISUAL wHash | b038383c3001ffff |
| VISUAL colorHash | 330010100c0 |
| VISUAL cropResistant | a0a0a0a080a0802b,425242168a220a3a,010340113c43832a,636460606164608b |

• Threat: Brand impersonation phishing targeting Apple customers.
• Target: Individuals looking to purchase Apple products.
• Method: The site attempts to trick users into believing they are purchasing from an authorized Apple dealer on a non-official domain.
• Exfil: Unknown data exfiltration method as no forms are visible, but JS form submission is detected.
• Indicators: Domain mismatch (www.samtdpp.com vs Apple.com), possible data exfiltration via JavaScript, presence of Apple branding.
• Risk: HIGH - This site is likely to attempt to steal financial information, personal data, or sell counterfeit products.