Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T18304A5B68332CA2F36C38BCE74A136617ED1C68DE5064D42B3DD77249640EB8F81675A |
| CONTENT ssdeep | 3072:CQv8L3MGPYrUqDheQdkTTIry122q1CyoNdusEWv2mZBydsZpSy4/BnsGoaHfZvR2:CQv8L3MGPYrUqDheakTTIry122q1Cyof |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | b3b3cecc31ccb1c0 |
| VISUAL aHash | ff0f0f0740e0f8c4 |
| VISUAL dHash | fd99999f9e986498 |
| VISUAL wHash | ff0f0f0703e0f8c4 |
| VISUAL colorHash | 062d0000000 |
| VISUAL cropResistant | fd99999f9e986498,8486868686868696,783c0c0a1e1a1a12,767a7a5e76767676 |

• Threat: Phishing page impersonating Telegram
• Target: Telegram users
• Method: Fake Telegram interface with download button
• Exfil: Data sent to Telegram bot (token: 6123456789:ABC...)
• Indicators: Suspicious URL domain, mismatched branding, obfuscated JavaScript
• Risk: HIGH - Possible malware distribution
Found 10 other scans for this domain