Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T18304A5B68332CA2F36C38BCE74A136617ED1C68DE5064D42B3DD77249640EB8F81675A |
| CONTENT ssdeep | 3072:CQv8L3MGPYrUqDheQdkTTIry122q1CyoNdusEWv2mZBydsZpSy4/BnsGoaHfZvR2:CQv8L3MGPYrUqDheakTTIry122q1Cyof |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | b3b3cecc31ccb1c0 |
| VISUAL aHash | ff0f0f0740e0f8c4 |
| VISUAL dHash | fd99999f9e986498 |
| VISUAL wHash | ff0f0f0703e0f8c4 |
| VISUAL colorHash | 062d0000000 |
| VISUAL cropResistant | fd99999f9e986498,8486868686868696,783c0c0a1e1a1a12,767a7a5e76767676 |

• Threat: Phishing page impersonating Telegram
• Target: Telegram users
• Method: Fake Telegram interface with a download button
• Exfil: Data sent to a Telegram bot (token: 6123456789:ABC...)
• Indicators: Suspicious URL domain, mismatched branding, obfuscated JavaScript
• Risk: HIGH - Possible malware distribution
Found 10 other scans for this domain