Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CEE28870F158B933469B91E7E2B567AF32E1C299EF13021193FD83AC87CAC91EE16451 |
|
CONTENT
ssdeep
|
384:pRasEsTgAy9mHaRvJrHlr4duzfz7FScPGkDR++df9kOkAG6YX1x1C6ALkfZ0:XasEF90cvJrHlr4duxSm1vf9AOYX5M |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ccce333198ce6731 |
|
VISUAL
aHash
|
0000003c18000000 |
|
VISUAL
dHash
|
0000007030000000 |
|
VISUAL
wHash
|
003c7e7e7e7e3c00 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
0000007030000000 |
• Amenaza: Servicio fraudulento
• Objetivo: Usuarios de Telegram
• Método: Página maliciosa de servicios prohibidos
• Exfil: Ejecución de JS ofuscado
• Indicadores: Dominio reciente, palabra clave 'Telegram', ofuscación
• Riesgo: Alto
Promotes fraudulent 'banning' services to lure victims, likely to steal credentials or payments.
Uses unescape-based obfuscation to hide malicious payloads.