EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of ekli2610.cfd

Información de Detección

https://ekli2610.cfd/hizligirisiniz.php
Detected Brand
e-Devlet Kapısı
Country
Turkey
Confianza
95%
HTTP Status
200
Report ID
5cb720dc-f5a…
Analyzed
2026-01-30 05:00

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19D12EB9018556C3E435253CEEA92D72592CBC372CB10790992F4AB6E3FE6F90CFD6219
CONTENT ssdeep
96:0xejij9hryuNFr7vzc3DTFo+rb+AAI78n8gY2n8kAu2MSxt6kS0qDNbfITZR+Wdx:nizt83DTLbQ8i8XMYt6kS0GN0j+2

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
f6d9a96689592619
VISUAL aHash
fcfcccfcf4e0c0d0
VISUAL dHash
00101008680c1014
VISUAL wHash
f8f8d8ecfce480c0
VISUAL colorHash
07000000180
VISUAL cropResistant
00101008680c1014

Análisis de Código

Risk Score 50/100
Nivel de Amenaza ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de e-Devlet Kapısı
• Método: Impersonación de la página de inicio de sesión
• Exfil: log-isleniyor.php (probablemente)
• Indicadores: Dominio nuevo, envío de formulario, suplantación de marca
• Riesgo: Alto

🔐 Credential Harvesting Forms

🎯 Kit Endpoints

  • log-isleniyor.php

📤 Form Action Targets

  • log-isleniyor.php

📊 Desglose de Puntuación de Riesgo

Total Risk Score
90/100

Contributing Factors

Recent Domain
The domain is very recently registered, a strong indicator of phishing.
Domain Mismatch
The domain does not match the expected domain of the target brand.
Form Submission to Suspicious Location
The form submits to a PHP script, commonly used in phishing campaigns.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Credential Harvesting Kit
Objetivo
e-Devlet Kapısı users (Turkey)
Método de Ataque
Brand impersonation + credential harvesting forms
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester

🏢 Análisis de Suplantación de Marca

Impersonated Brand
e-Devlet Kapısı
Official Website
www.turkiye.gov.tr
Fake Service
e-Devlet Kapısı Login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials by mimicking the e-Devlet Kapısı login page and capturing the username and password.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
ekli2610.cfd
Registered
2024-05-09
Registrar
NameCheap
Estado
None

🔬 JavaScript Deep Analysis

Total Code Size
6,3 KB

🔐 Obfuscation Detected

  • : None
  • : None
  • : None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
e-Devlet (türkiye.gov.tr)
https://e-devlet-portal-giris.haksizfil.cfd/login.php
May 21, 2026
 Screenshot
e-Devlet
https://cloudauth-gateway.com/p/u/uVKvCQLfGB
May 06, 2026
 Screenshot
e-Devlet
https://ekosgeb.com/login
Abr 20, 2026
 Screenshot
e-Devlet Kapısı (Turkey's e-government portal)
https://hizli-basvurum.vip/hizligirisiniz.php
Mar 01, 2026
 Screenshot
e-Devlet Kapısı (Turkey's e-government portal)
https://hizli-basvurum.vip/hizligirisiniz.php
Feb 28, 2026
😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.