Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://shippingagreementdocuslgn.appwrite.network/
Detected Brand
DocuSign
Country
USA
Confidence
100%
HTTP Status
200
Report ID
39745934-f4a…
Analyzed
2026-01-02 09:24
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BF1299A911A38EAF014384E4719AEF5F71D5C208CFA7D24D716C51A9B7DBC53ACD026C |
|
CONTENT
ssdeep
|
192:+kDfM6x5dL0D8HmVdkDdHkQ7VzD8HLjkebij87DdHQj7vHj1Njzy:jDjdL0D8HwaDdHJBD8HLjkebij87DdH/ |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a6d8d87266d95272 |
|
VISUAL
aHash
|
7c5f676767673f7f |
|
VISUAL
dHash
|
99bc8ccdcfcdf0c6 |
|
VISUAL
wHash
|
6c1f072723071f37 |
|
VISUAL
colorHash
|
07001008088 |
|
VISUAL
cropResistant
|
99bc8ccdcfcdf0c6,4098606424208800,010061c9c9010101 |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
Telegram Exfiltration
🔬 Threat Analysis Report
• Threat: Credential harvesting phishing kit impersonating DocuSign
• Target: DocuSign users
• Method: Fake login page using email provider options to steal credentials
• Exfil: Data sent to a Telegram bot (token: 7627445601:AAHUIJ8JU9-WzSz9Y3LJ3GiAyKjDgiSKZ1Y)
• Indicators: Domain mismatch, free hosting, Telegram exfiltration, obfuscated Javascript, forms detected.
• Risk: CRITICAL - Real-time credential theft.
🔒 Obfuscation Detected
- fromCharCode
- unicode_escape
🔑 Telegram Bot Tokens (1)
- 7627445601:AAHU...DgiSKZ1Y
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
DocuSign
http://security-static-page--tapawha.replit.app/
Jun 09, 2026
DocuSign
https://security-server-page--andydickssonahs.replit.app/
Jun 09, 2026
DocuSign
https://secure-page-editor--schoolfeesinabu.replit.app/
May 28, 2026
Unknown
https://cdn.gosafemode.com/screenshots/b58edf2a9a3b.png
May 27, 2026
Unknown
https://cdn.gosafemode.com/screenshots/aa6c798665d2.png
May 26, 2026
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.