Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T139D1DB756161A8B3906BE7DA526DE30F72C7816CD9738B00E7F597CCABCEC9A9804443 |
|
CONTENT
ssdeep
|
96:tOV1K/ooE9qszUwcrKEN2lxUi5sQNlgPAXHPAOeml980cpdn:I1oREfcBN2llsuyPGHPzeVpR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec4d9392676d1a92 |
|
VISUAL
aHash
|
7ffb9bf19f9fd3cf |
|
VISUAL
dHash
|
c03636c720222218 |
|
VISUAL
wHash
|
7cfb8af01e1282ce |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
c03636c720222218 |
Fake Telegram page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)