SafeMode - Analysis: outlooksss.github.io

EN ES PT

Back to Stats

Visual Capture

Detection Info

https://outlooksss.github.io/outlook

Detected Brand

Microsoft Outlook

Country

Unknown

Confidence

100%

HTTP Status

200

Report ID

5dc3208a-1ae…

Analyzed

2026-06-18 10:19

Final URL (after redirects)

https://outlooksss.github.io/outlook/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T126310E707004BD37034296D467A67B6AB785C197CA873A0459F983EE8BFAE86CD14162
CONTENT ssdeep	24:hR/CfUV2dPjTN/+TN/0AOiZhgdF3Q8v2I3z91us7lWFNtB75hU1KGw3y8se:Tz4dPjTNmTNMo0JQu2gV7gFFTKe

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	dc2b372cd8996626
VISUAL aHash	000000f8fcfcfcfc
VISUAL dHash	7f4c283220200000
VISUAL wHash	000000f8fcfefefe
VISUAL colorHash	07000000180
VISUAL cropResistant	7f4c283220200000

Code Analysis

Risk Score 75/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

Telegram Exfiltration

🔑 Telegram Bot Tokens (1)

7018256337:AAHX...QfYqYX1Y

📊 Risk Score Breakdown

Total Risk Score

75/100

Contributing Factors

Active Phishing Kit

Detected kit types: Credential Harvester

Credential Harvesting

Credential harvesting detected with 1 form(s) capturing sensitive data

Telegram Exfiltration

Real-time data exfiltration via Telegram (1 bot token(s) exposed in client-side code)

🔬 Comprehensive Threat Analysis

Threat Type

Credential Harvesting Kit

Target

Microsoft Outlook users

Attack Method

credential harvesting forms

Exfiltration Channel

Telegram Bot (7018256337:AAHX2iHAf...)

Risk Assessment

HIGH - Automated credential harvesting with Telegram Bot (7018256337:AAHX2iHAf...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester

🏢 Brand Impersonation Analysis

Impersonated Brand

Microsoft Outlook

Official Website

N/A

Fake Service

Credential harvesting service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: Client-Side Form Interception

JavaScript intercepts form submissions before they reach the fake backend. This allows real-time credential harvesting and validation without server round-trips.

📡 Telegram Command & Control Infrastructure

Bot Token (Masked)

7018256337:AAHX...QfYqYX1Y

Bot ID

7018256337

Group/Chat ID

Unknown

Operator Language

Unknown

💬 Message Templates (3)

ID	Portuguese	English	Trigger

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain

outlooksss.github.io

Registered

Unknown

Registrar

Unknown

Status

Hosting platform (subdomain)

Hosting Information

Provider

Unknown

ASN

🤖 AI-Extracted Threat Intelligence

😰

"I Never Thought It Would Happen to Me"

That's what 2.3 million victims say every year. Don't wait to become a statistic.