Unmasking the Classiscam in Central Asia
ID: 2a5f8095-e6c4-5c8f-ab89-30dabba89bc1
STIX ID: report--2a5f8095-e6c4-5c8f-ab89-30dabba89bc1
Feed Name: Group-IB Blog
This report describes an active, regionally focused phishing campaign called Classiscam that leverages Telegram bots and phishing site templates to defraud online marketplace sellers and harvest banking credentials across Central Asia. It includes observed phishing domains and subdomains, sample HTML/JS snippets showing credential exfiltration and IP tracking, details on a Telegram bot (Namangun) and Falcon API used to generate links, and practical recommendations to detect and avoid these scams.
