Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://telega.one/
Detected Brand
Telegram
Country
International
Confidence
95%
HTTP Status
200
Report ID
df899302-23c…
Analyzed
2026-01-08 20:50
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1617263BA5338E42352E34BDEBB316719B2A3C19DCB620B0252B4970B6FD7D82CE5051D |
|
CONTENT
ssdeep
|
384:E+0AoBptKgtHeuGJuLbmw5HCzA8wHBFgihOvb0ZCW:EcoBr/tHjpSA8wHBFgihOvb0ZCW |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e699668b99669926 |
|
VISUAL
aHash
|
ffe7efc3c7e7c3e7 |
|
VISUAL
dHash
|
0b0a0e16160c0d0d |
|
VISUAL
wHash
|
80e3c3c3c3c7c7c3 |
|
VISUAL
colorHash
|
07006000080 |
|
VISUAL
cropResistant
|
0b0a0e16160c0d0d,cca5a4a5a4a2c04d |
Code Analysis
Risk Score
8/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🔬 Threat Analysis Report
• Threat: Phishing website impersonating Telegram
• Target: Telegram users worldwide
• Method: Mimics official Telegram website to deceive users
• Exfil: No direct exfiltration detected, but obfuscation in JavaScript
• Indicators: Domain mismatch, obfuscated JS, mimicked branding
• Risk: HIGH - Potential for credential theft or malware distribution
🔒 Obfuscation Detected
- fromCharCode
🎯 Kit Endpoints
- /blog/new-design-ai-summaries
- /blog/passkeys-and-gift-offers
- /blog/live-stories-gift-auctions
- /blog
📡 API Calls Detected
- /dev/stdout
- HEAD
- /dev/stdin
- GET
- /dev/stderr
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for telega.one
Found 5 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.