EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of telegram.dog

Detection Info

http://telegram.dog/s/vabastegiat?before=31490
Detected Brand
Telegram
Country
International
Confidence
100%
HTTP Status
200
Report ID
3c385353-4c3…
Analyzed
2026-01-06 04:19
Final URL (after redirects)
https://telegram.dog/s/vabastegiat?before=31490

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T18304A5B68332CA2F36C38BCE74A136617ED1C68DE5064D42B3DD77249640EB8F81675A
CONTENT ssdeep
3072:CQv8L3MGPYrUqDheQdkTTIry122q1CyoNdusEWv2mZBydsZpSy4/BnsGoaHfZvR2:CQv8L3MGPYrUqDheakTTIry122q1Cyof

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b3b3cecc31ccb1c0
VISUAL aHash
ff0f0f0740e0f8c4
VISUAL dHash
fd99999f9e986498
VISUAL wHash
ff0f0f0703e0f8c4
VISUAL colorHash
062d0000000
VISUAL cropResistant
fd99999f9e986498,8486868686868696,783c0c0a1e1a1a12,767a7a5e76767676

Code Analysis

Risk Score 94/100
Threat Level HIGH
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Card Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing page impersonating Telegram
• Target: Telegram users
• Method: Fake Telegram interface with download button
• Exfil: Data sent to Telegram bot (token: 6123456789:ABC...)
• Indicators: Suspicious URL domain, mismatched branding, obfuscated JavaScript
• Risk: HIGH - Potential malware distribution

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode
  • document.write
  • base64_strings

🎯 Kit Endpoints

  • //telegram.org/blog

📡 API Calls Detected

  • GET
  • get
  • POST
  • /auth?bot_id=

📤 Form Action Targets

  • /s/vabastegiat

Scan History for telegram.dog

Found 10 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.