Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CEE28870F158B933469B91E7E2B567AF32E1C299EF13021193FD83AC87CAC91EE16451 |
|
CONTENT
ssdeep
|
384:pRasEsTgAy9mHaRvJrHlr4duzfz7FScPGkDR++df9kOkAG6YX1x1C6ALkfZ0:XasEF90cvJrHlr4duxSm1vf9AOYX5M |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ccce333198ce6731 |
|
VISUAL
aHash
|
0000003c18000000 |
|
VISUAL
dHash
|
0000007030000000 |
|
VISUAL
wHash
|
003c7e7e7e7e3c00 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
0000007030000000 |
• Threat: Fraudulent Service
• Target: Telegram Users
• Method: Malicious landing page for prohibited services
• Exfil: Obfuscated JS execution
• Indicators: Domain age (10 days), keyword 'Telegram', obfuscation
• Risk: High
Promotes fraudulent 'banning' services to lure victims, likely to steal credentials or payments.
Uses unescape-based obfuscation to hide malicious payloads.