Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FFC12F784194A96B1193E2D09B79032BB780C2A7C9331F44E7F5C74DDEC6E0ACC6675A |
|
CONTENT
ssdeep
|
96:tZ0mTmdxfhBmsOAg8t5FXMdsjoI/paYkJCS7S9Xzqp:+XhBm9r8t5idsjyYkJp7iDqp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c08f4f19e8ee8f4 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
2bf7f1699f022706 |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
026023232800ffff,5495b5bbe4d4c4cc,9292922424929292,ff001b2623000732,ffeff7f1f369699f |
Fake Telegram page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.