EN ES PT
Back to Stats

Visual Capture

No screenshot available

Detection Info

https://mitramitecancelacion.on-forge.com/seguroalli
Detected Brand
Bancolombia
Country
Colombia
Confidence
100%
HTTP Status
200
Report ID
5e3ab66a-19bโ€ฆ
Analyzed
2026-01-25 23:52

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1FCC2CAB0225306E663BBC9F4B3597F2578D5E3ABC44B80C8A5B550788FC7E7CAB09560
CONTENT ssdeep
384:+xXhPh1VljnIykz+o2vQ/F1k2cKvXjcW1+9hT0fbJ:WXhp1VpIyk+o2ve1k2cK/j5o9E1

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
fbc1d48cc78e90a5
VISUAL aHash
ffc9c5e1a3858181
VISUAL dHash
671b19494f1d1d5d
VISUAL wHash
ffcbc1e1e3858181
VISUAL colorHash
07600008000
VISUAL cropResistant
671b19494f1d1d5d,6b7a5cdcc9899892,0f3f6ecf9b31e164,8e156c654b2acbcf,b57c783870073f78,b02b6765714e59f3,4e430d2643419080

Code Analysis

Risk Score 85/100
Threat Level BAJO
๐ŸŽฃ Credential Harvester ๐ŸŽฃ OTP Stealer ๐ŸŽฃ Banking

๐Ÿ”ฌ Threat Analysis Report

โ€ข Threat: Potential data harvesting through obfuscated JavaScript and form submissions.
โ€ข Target: Bancolombia users.
โ€ข Method: Unknown. The site appears to be a partner.
โ€ข Exfil: Unknown at this time.
โ€ข Indicators: Unusual TLD, obfuscated JavaScript, old domain.
โ€ข Risk: LOW - While the TLD is unusual and there is obfuscated Javascript, the domain does appear related.

๐Ÿ”’ Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • document.write
  • base64_strings

๐Ÿ“ก API Calls Detected

  • /proceso/llamada
  • /proceso/chat

๐Ÿ“Š Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, and Banking kits targeting financial institutions.
Obfuscation Techniques
26 obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.
Brand Impersonation
Impersonates Bancolombia, a major financial institution, increasing victim trust.
Malicious JavaScript
Malicious JavaScript file (app-DD_cA9BU.js) with obfuscation, sized at 0.32 MB.

๐Ÿ”ฌ Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Bancolombia users (Colombia)
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
CRITICAL - Automated credential harvesting with Unknown

โš ๏ธ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking
  • 26 obfuscation techniques

๐Ÿข Brand Impersonation Analysis

Impersonated Brand
Bancolombia
Official Website
https://www.bancolombia.com
Fake Service
Account verification or security update

โš”๏ธ Attack Methodology

Primary Method: Credential Harvesting

The phishing kit captures login credentials entered by victims on a fake Bancolombia portal. The credentials are likely transmitted in real-time to an attacker-controlled server for immediate exploitation.

Secondary Method: OTP Interception

The kit includes functionality to steal one-time passwords (OTPs) sent via SMS or authentication apps, enabling attackers to bypass multi-factor authentication (MFA) protections.

๐ŸŒ Infrastructure Indicators of Compromise

Domain Information

Domain
mitramitecancelacion.on-forge.com
Registered
2024-10-13 21:10:44+00:00
Registrar
NAMECHEAP INC
Status
Active (469 days old)

๐Ÿฆ  Malicious Files

Main File
File Size

Obfuscated JavaScript file containing credential harvesting and OTP stealing logic.

๐Ÿ”ฌ JavaScript Deep Analysis

Operator Language
Spanish (1%)
Total Code Size
330.8ย KB

๐Ÿ”— API Endpoints Detected

Other
2

๐Ÿ” Obfuscation Detected

  • : Heavy

๐Ÿค– AI-Extracted Threat Intelligence

๐ŸŽฏ Malicious Files Identified

๐Ÿ˜ฐ
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.