EN ES PT
Back to Stats

Visual Capture

Screenshot of billionaire12345.github.io

Detection Info

https://billionaire12345.github.io/trustedcontactfacebook/
Detected Brand
Facebook
Country
International
Confidence
100%
HTTP Status
200
Report ID
c0b2465c-4d6…
Analyzed
2026-02-09 00:13

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1A241346390088C3B4632C5E4A7D3F509AE96C683CF46254067E8D7EE5BD3F50CDA61D9
CONTENT ssdeep
48:GHupJDudUdtppmDu3Tb+zaj4sbqkN48SCoX:WuTZHWs2g9nW

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b3338ccc66339999
VISUAL aHash
e7e7ffe7e7ffffff
VISUAL dHash
0808324d0c080000
VISUAL wHash
27273f2707070f0f
VISUAL colorHash
070000001c0
VISUAL cropResistant
0808324d0c080000

Code Analysis

Risk Score 90/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer
Telegram Exfiltration

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Facebook users
• Method: Impersonation via login page.
• Exfil: Unknown, likely credential harvesting
• Indicators: Free hosting, brand logo, form.
• Risk: High

🔑 Telegram Bot Tokens (1)

  • 8555214864:AAFD...mSkctb2Y

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site is hosted on free hosting, a common tactic in phishing.
Brand Impersonation
The site mimics Facebook login page.
Form on Page
The presence of a login form raises suspicion.
Telegram token exfiltration detected
The JavaScript contains a Telegram Bot token for exfiltration.

🔬 Comprehensive Threat Analysis

Threat Type
Two-Factor Authentication Stealer
Target
Facebook users (International)
Attack Method
Brand impersonation + credential harvesting forms
Exfiltration Channel
Telegram Bot (8555214864:AAFDB4B7O...)
Risk Assessment
CRITICAL - Automated credential harvesting with Telegram Bot (8555214864:AAFDB4B7O...)

⚠️ Indicators of Compromise

  • 1 Telegram bot token(s)
  • Kit types: Credential Harvester, OTP Stealer

🏢 Brand Impersonation Analysis

Impersonated Brand
Facebook
Official Website
https://www.facebook.com
Fake Service
Login

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The site uses a fake login form to steal Facebook credentials. Users are tricked into entering their login information, which is then sent to the attacker.

Secondary Method: Phishing through a legitimate platform

The attacker abuses free hosting platform to impersonate legitimate services.

📡 Telegram Command & Control Infrastructure

Bot Token (Masked)
8555214864:AAFD...mSkctb2Y
Bot ID
8555214864
Group/Chat ID
Unknown
Operator Language
Unknown

💬 Message Templates (3)

ID Portuguese English Trigger

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
billionaire12345.github.io
Registered
Unknown
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.