EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

No screenshot available

Detection Info

http://colmenaresguzman.cl/two.html
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
1248d986-ff3…
Analyzed
2026-02-05 11:57
Final URL (after redirects)
https://colmenaresguzman.cl/two.html

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1C722A632B1589C2F5583C3E5ABF1A62F72EDD350CF0286A685D4DB184FCBD94C9B2491
CONTENT ssdeep
192:KvZP7YM439Pe4uykvlj1jLBI00zrzMl6KR0zrzMC:oZPTkhLuykvlj132nMl6KyMC

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b3cc6633992399cc
VISUAL aHash
fffffffbdbe7a5db
VISUAL dHash
302a323232084d30
VISUAL wHash
f8f8d8d83b3b0303
VISUAL colorHash
070000001c0
VISUAL cropResistant
302a323232084d30

Code Analysis

Risk Score 70/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Unknown
• Method: Forms requesting sensitive data
• Exfil: config/telegram.php
• Indicators: Request for PII and financial details.
• Risk: HIGH

🔐 Credential Harvesting Forms

📤 Form Action Targets

  • config/telegram.php

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Suspicious form
Requests sensitive personal and financial information (PII, IBAN) in a form.
Exfiltration target
The form action points to an exfiltration target via config/telegram.php
Domain mismatch
Domain has no apparent connection to any legitimate brand.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
General public
Attack Method
credential harvesting forms
Exfiltration Channel
HTTP POST to backend
Risk Assessment
HIGH - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking

🏢 Brand Impersonation Analysis

Impersonated Brand
Unknown
Fake Service
Unknown

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The site uses a form to collect sensitive personal and financial information such as name, address, IBAN, date of birth, phone number, and email. This data is likely being harvested to be used for identity theft or financial fraud.

Secondary Method: Exfiltration via Telegram

The form data is sent to a PHP script and then exfiltrated via Telegram. This allows the attackers to collect the information without it being stored on the server.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
colmenaresguzman.cl
Registered
2018-04-02
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://sample-painting.com/two.html
Jun 19, 2026
 Screenshot
Bunq
http://oesa.or.th/two.html
Jan 07, 2026
No screenshot
Bunq
http://web-3253.web-interface.eu/two.html
Jan 01, 2026
No screenshot
Bunq
https://web-3254.web-interface.eu/two.html
Jan 01, 2026
 Screenshot
Bunq
https://oesa.or.th/two.html
Dec 31, 2025
😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.