EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats
95 Risk Score

High Risk

Threat Level: ALTO • Impersonating: Gmx

⚠ Risk Factors

  • Brand impersonation of Gmx on non-official domain
  • Contains 1 credential harvesting form(s)
  • JavaScript obfuscation detected (7 patterns)
  • Credential harvesting indicators detected
  • OTP/2FA stealing indicators detected

Visual Capture

Screenshot of docs.google.com

Detection Info

https://docs.google.com/forms/d/e/1FAIpQLSfFA4-wTso3U7qHSJrj3Z7a8LGI-iscXTDByEQ9MFBO9EkNnQ/viewform?usp=sf_link
Detected Brand
Gmx
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
bd7bfde9-c11…
Analyzed
2026-01-09 08:15
Final URL (after redirects)
https://docs.google.com/forms/d/e/1FAIpQLSfFA4-wTso3U7qHSJrj3Z7a8LGI-iscXTDByEQ9MFBO9EkNnQ/viewform

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1B592A432A1216C3B46075AE1B8B5AB0F72E7D35FC81B10A11BFD5BD51BE6C91E80770A
CONTENT ssdeep
384:71F+G+sFh6ZxxoPpfXRLyzQV45XitTuX8pYpm/pwwYuYVY1:ihsT6ZxxoPp0dYCsiKq/561

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
8666666664cf9999
VISUAL aHash
c3c3fdfdbdbdbd4f
VISUAL dHash
050d703030307090
VISUAL wHash
04003c3c3f3f3f1f
VISUAL colorHash
070000001c0
VISUAL cropResistant
050d703030307090

Code Analysis

Risk Score 95/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

Scan History for docs.google.com

Found 10 other scans for this domain