Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17CA1B7E664887B32028741A3B7B58F5777B4A1CCEA172105507F438D47C69EB9B439E2 |
|
CONTENT
ssdeep
|
96:GrG6JHnf2nFnjl+XAWTBRrAfeHW24EWciajfZ:fgAWVWm223Z |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
987434739b9a93b2 |
|
VISUAL
aHash
|
40420c3c3c6c444c |
|
VISUAL
dHash
|
9c961d7179599c98 |
|
VISUAL
wHash
|
c3c3c7ff3c3c040c |
|
VISUAL
colorHash
|
07001000007 |
|
VISUAL
cropResistant
|
9c961d7179599c98 |
• Threat: Brand impersonation phishing
• Target: Ubuntu users
• Method: Fake Apache2 default page to deceive users
• Exfil: No data exfiltration detected
• Indicators: Domain mismatch, generic content
• Risk: HIGH - Potential for further exploitation
Pages with identical visual appearance (based on perceptual hash)