EN ES PT
Back to Stats

Visual Capture

No screenshot available

Detection Info

https://falabellingres.webcindario.com/
Detected Brand
Unknown
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
35d6fc02-903โ€ฆ
Analyzed
2026-01-26 14:29

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19BC1C73551448C3DA63BC2A8D3B5372B61A6C245CA4302F6C7F103BEA7E6D99DC670E8
CONTENT ssdeep
96:V09TBn9YLfqtHczu9rbUTaZ4KArrCbyTCu:q9TYu9UmZ4KArrWyTCu

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b333998c666666cc
VISUAL aHash
e7e7e7e7ffffffef
VISUAL dHash
0c0c4c4d000c000c
VISUAL wHash
e0e0e0e03f3f2727
VISUAL colorHash
07000000000
VISUAL cropResistant
0c0c4c4d000c000c

Code Analysis

Risk Score 100/100
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Banking ๐ŸŽฃ Personal Info
Discord Webhook

๐Ÿ”’ Obfuscation Detected

  • atob
  • fromCharCode
  • hex_escape
  • unicode_escape
  • base64_strings

๐Ÿ“ก API Calls Detected

  • GET
  • https://www.google.com/ccm/geo
  • POST
  • /hosting__contador__visitas__unicas.php
  • https://api.ipify.org?format=json

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected multiple phishing kit types: Credential Harvester, OTP Stealer, Banking, and Personal Info. Indicates a sophisticated, multi-stage attack framework.
Obfuscation Techniques
154 obfuscation techniques detected, including code minification, string encoding, and dynamic function execution to evade detection.
Malicious JavaScript Files
Presence of 3 suspicious JavaScript files (show_ads_impl_fy2021.js, adsbygoogle.js, miarroba_23335.js) totaling 0.9 MB, likely containing malicious payloads.
Exfiltration Channels
Detected Discord webhook for data exfiltration, enabling real-time transmission of stolen credentials to attackers.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
General public
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Discord Webhooks (1 detected)
Risk Assessment
CRITICAL - Automated credential harvesting with Discord Webhooks (1 detected)

โš ๏ธ Indicators of Compromise

  • 1 Discord webhook(s)
  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 154 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Fake Service
Unknown (no specific brand impersonation detected)

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit employs form-based credential harvesting to capture user inputs in real-time. Data is likely intercepted via JavaScript event listeners on form fields, then transmitted to a Discord webhook for exfiltration.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) by mimicking legitimate OTP input fields. Captured OTPs are sent alongside credentials to bypass multi-factor authentication.

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
falabellingres.webcindario.com
Registered
2001-02-28 12:45:04+00:00
Registrar
TUCOWS.COM, CO.
Status
Active (9098 days old)

๐Ÿฆ  Malicious Files

Main File
File Size

Contains obfuscated JavaScript with potential credential harvesting and data exfiltration capabilities.

๐Ÿ”Œ External APIs Abused

discord
  • webhook: Detected

๐Ÿ“Š Attack Flow Diagram

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 1. INITIAL CONTACT                                       โ”‚
โ”‚    - Victim receives phishing message                    โ”‚
โ”‚    - Directed to fake Banking site                       โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                     โ”‚
                     โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 2. FAKE LOGIN PAGE                                       โ”‚
โ”‚    - Mimics legitimate Banking site                     โ”‚
โ”‚    - Presents credential input form                      โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                     โ”‚
                     โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 3. CREDENTIAL CAPTURE                                    โ”‚
โ”‚    - Victim enters Banking credentials                   โ”‚
โ”‚    - Data collected by attacker                          โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                     โ”‚
                     โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 4. DATA TRANSMISSION                                     โ”‚
โ”‚    - Stolen credentials sent to external service         โ”‚
โ”‚    - Single communication channel used                   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

๐Ÿ”ฌ JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
926.4ย KB

๐Ÿ”— API Endpoints Detected

Other
49

๐Ÿ” Obfuscation Detected

  • : Heavy
  • : Moderate
  • : None
  • : Moderate

๐Ÿค– AI-Extracted Threat Intelligence

๐Ÿ“Š Attack Flow

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 1. INITIAL CONTACT                                       โ”‚
โ”‚    - Victim receives phishing message                    โ”‚
โ”‚    - Directed to fake Banking site                       โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                     โ”‚
                     โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 2. FAKE LOGIN PAGE                                       โ”‚
โ”‚    - Mimics legitimate Banking site                     โ”‚
โ”‚    - Presents credential input form                      โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                     โ”‚
                     โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 3. CREDENTIAL CAPTURE                                    โ”‚
โ”‚    - Victim enters Banking credentials                   โ”‚
โ”‚    - Data collected by attacker                          โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
                     โ”‚
                     โ–ผ
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ 4. DATA TRANSMISSION                                     โ”‚
โ”‚    - Stolen credentials sent to external service         โ”‚
โ”‚    - Single communication channel used                   โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜
```

๐ŸŽฏ Malicious Files Identified

๐ŸŒ External APIs Abused

  • discord

Scan History for falabellingres.webcindario.com

Found 1 other scan for this domain

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.