Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18304A5B68332CA2F36C38BCE74A136617ED1C68DE5064D42B3DD77249640EB8F81675A |
|
CONTENT
ssdeep
|
3072:CQv8L3MGPYrUqDheQdkTTIry122q1CyoNdusEWv2mZBydsZpSy4/BnsGoaHfZvR2:CQv8L3MGPYrUqDheakTTIry122q1Cyof |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3b3cecc31ccb1c0 |
|
VISUAL
aHash
|
ff0f0f0740e0f8c4 |
|
VISUAL
dHash
|
fd99999f9e986498 |
|
VISUAL
wHash
|
ff0f0f0703e0f8c4 |
|
VISUAL
colorHash
|
062d0000000 |
|
VISUAL
cropResistant
|
fd99999f9e986498,8486868686868696,783c0c0a1e1a1a12,767a7a5e76767676 |
• Threat: Phishing page impersonating Telegram
• Target: Telegram users
• Method: Fake Telegram interface with download button
• Exfil: Data sent to Telegram bot (token: 6123456789:ABC...)
• Indicators: Suspicious URL domain, mismatched branding, obfuscated JavaScript
• Risk: HIGH - Potential malware distribution
Found 10 other scans for this domain