Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EFF126724198E86B0255E2D8EB36633FEB6195979C134E89C5F14F3C9FC6D52C803AC9 |
|
CONTENT
ssdeep
|
192:ueMrojGbB3gRJljsqnyCgxr6yXNQEFP+m7RUYJjyKPlI89nW+zpMwB7KCndgUVfA:ueWRRg3ljskXoi |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bc3c9292c86d65c7 |
|
VISUAL
aHash
|
ff878383ffe7ffff |
|
VISUAL
dHash
|
331e2616c98caaaa |
|
VISUAL
wHash
|
ff838383ff24424a |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
331e2616c98caaaa,8adaae8acaced0c8,f4cacecacaccc8ee |
Fake Telegram page designed to appear in search results and trick users into visiting. May redirect to credential harvesting pages, malware downloads, or serve as a trust-building step before requesting sensitive information.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)