Phishing Analysis
Detailed analysis of captured phishing page
100
Risk Score
High Risk
Threat Level: ALTO
• Impersonating: Galicia
⚠ Risk Factors
- Contains 1 Telegram bot token(s) for credential exfiltration
- Contains 1 form(s) with JavaScript submission
- JavaScript obfuscation detected (5 patterns)
- Credential harvesting indicators detected
- OTP/2FA stealing indicators detected
Visual Capture
Detection Info
https://galiciaonline.z14.web.core.windows.net
Detected Brand
Galicia
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
c6674b27-e1b…
Analyzed
2026-01-10 02:09
Final URL (after redirects)
https://galiciaonline.z14.web.core.windows.net/
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B5E16578B1E007B761D783B3B291EF25A9DDC747DA63D9A6F2E4C24A02DDC50DD02280 |
|
CONTENT
ssdeep
|
96:VdZWEBJDTzuCsO1ZzuCh1hzuC/zEi0TseCm1shJ7GmBPJ/F0KOuzvkdpV8+:VdZWIJhJdJ4MeCm1s7SiPRFOuzsb |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d9b5a9b2b28b5249 |
|
VISUAL
aHash
|
f8f8f8f8f8f8f8f8 |
|
VISUAL
dHash
|
d292123030101211 |
|
VISUAL
wHash
|
78d8f898c8d8f8d8 |
|
VISUAL
colorHash
|
062c0010000 |
|
VISUAL
cropResistant
|
d292123030101211,7d7b8cd3d2c948c8,e2d2d99e8cca8ec8,4ec6c6868c1a71c6,6f2c97452e8b1b0e,644dce5637c39d1f |
Code Analysis
Risk Score
100/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
Telegram Exfiltration
🔒 Obfuscation Detected
- atob
- fromCharCode
- unicode_escape
- js_packer
- base64_strings
🔑 Telegram Bot Tokens (1)
- 8426370078:AAHD...qS80LjFw
Scan History for galiciaonline.z14.web.core.windows.net
Found 1 other scan for this domain