EN ES PT
Back to Stats

Visual Capture

Screenshot of kingbans.xyz

Detection Info

https://kingbans.xyz/
Detected Brand
Telegram
Country
International
Confidence
100%
HTTP Status
200
Report ID
5e9038de-278…
Analyzed
2026-07-15 11:20

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1CEE28870F158B933469B91E7E2B567AF32E1C299EF13021193FD83AC87CAC91EE16451
CONTENT ssdeep
384:pRasEsTgAy9mHaRvJrHlr4duzfz7FScPGkDR++df9kOkAG6YX1x1C6ALkfZ0:XasEF90cvJrHlr4duxSm1vf9AOYX5M

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
ccce333198ce6731
VISUAL aHash
0000003c18000000
VISUAL dHash
0000007030000000
VISUAL wHash
003c7e7e7e7e3c00
VISUAL colorHash
38000038000
VISUAL cropResistant
0000007030000000

Code Analysis

Risk Score 73/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Fraudulent Service
• Target: Telegram Users
• Method: Malicious landing page for prohibited services
• Exfil: Obfuscated JS execution
• Indicators: Domain age (10 days), keyword 'Telegram', obfuscation
• Risk: High

🔒 Obfuscation Detected

  • unescape

📡 API Calls Detected

  • POST

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Recent Domain
Domain created 10 days ago
Malicious Intent
Promotion of account banning services

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Telegram users (International)
Attack Method
Brand impersonation + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Telegram
Official Website
https://telegram.org
Fake Service
Telegram Account Banning

Fraudulent Claims

⚔️ Attack Methodology

Primary Method: Illicit Service Promotion

Promotes fraudulent 'banning' services to lure victims, likely to steal credentials or payments.

Secondary Method: JS Obfuscation

Uses unescape-based obfuscation to hide malicious payloads.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
kingbans.xyz
Registered
2026-07-05
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.