EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of ekli2610.cfd

Detection Info

https://ekli2610.cfd/hizligirisiniz.php
Detected Brand
e-Devlet Kapısı
Country
Turkey
Confidence
95%
HTTP Status
200
Report ID
5cb720dc-f5a…
Analyzed
2026-01-30 05:00

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19D12EB9018556C3E435253CEEA92D72592CBC372CB10790992F4AB6E3FE6F90CFD6219
CONTENT ssdeep
96:0xejij9hryuNFr7vzc3DTFo+rb+AAI78n8gY2n8kAu2MSxt6kS0qDNbfITZR+Wdx:nizt83DTLbQ8i8XMYt6kS0GN0j+2

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
f6d9a96689592619
VISUAL aHash
fcfcccfcf4e0c0d0
VISUAL dHash
00101008680c1014
VISUAL wHash
f8f8d8ecfce480c0
VISUAL colorHash
07000000180
VISUAL cropResistant
00101008680c1014

Code Analysis

Risk Score 50/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Phishing
• Target: e-Devlet Kapısı users
• Method: Impersonation of login page
• Exfil: log-isleniyor.php (likely)
• Indicators: New domain, form submission, brand impersonation
• Risk: High

🔐 Credential Harvesting Forms

🎯 Kit Endpoints

  • log-isleniyor.php

📤 Form Action Targets

  • log-isleniyor.php

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Recent Domain
The domain is very recently registered, a strong indicator of phishing.
Domain Mismatch
The domain does not match the expected domain of the target brand.
Form Submission to Suspicious Location
The form submits to a PHP script, commonly used in phishing campaigns.

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
e-Devlet Kapısı users (Turkey)
Attack Method
Brand impersonation + credential harvesting forms
Exfiltration Channel
HTTP POST to backend
Risk Assessment
MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester

🏢 Brand Impersonation Analysis

Impersonated Brand
e-Devlet Kapısı
Official Website
www.turkiye.gov.tr
Fake Service
e-Devlet Kapısı Login

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials by mimicking the e-Devlet Kapısı login page and capturing the username and password.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
ekli2610.cfd
Registered
2024-05-09
Registrar
NameCheap
Status
None

🔬 JavaScript Deep Analysis

Total Code Size
6.3 KB

🔐 Obfuscation Detected

  • : None
  • : None
  • : None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
e-Devlet (türkiye.gov.tr)
https://e-devlet-portal-giris.haksizfil.cfd/login.php
May 21, 2026
 Screenshot
e-Devlet
https://cloudauth-gateway.com/p/u/uVKvCQLfGB
May 06, 2026
 Screenshot
e-Devlet
https://ekosgeb.com/login
Apr 20, 2026
 Screenshot
e-Devlet Kapısı (Turkey's e-government portal)
https://hizli-basvurum.vip/hizligirisiniz.php
Mar 01, 2026
 Screenshot
e-Devlet Kapısı (Turkey's e-government portal)
https://hizli-basvurum.vip/hizligirisiniz.php
Feb 28, 2026
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.