EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of evitar-ya-lacompra26co.iceiy.com

Detection Info

https://evitar-ya-lacompra26co.iceiy.com/?i=1
Detected Brand
Banco de Bogotá
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
85dab424-1ba…
Analyzed
2026-05-24 10:18
Final URL (after redirects)
https://evitar-ya-lacompra26co.iceiy.com/?i=2

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19F71BC314994DC3350E793EC92B65A0E17A9C345CA070A19E6F5D3ED1FC3C2DCE62194
CONTENT ssdeep
48:CbollurlxcC8w8lG5GtCMCkO3wAhcvnQeuuVHzuRkXolMoVfB1shju2X7BmK:3+d8NCI+Av0uVHzuRVlDVfEBZ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
bc1fc33c2cc3c338
VISUAL aHash
1e9ffff292fffffe
VISUAL dHash
7034a8a636888480
VISUAL wHash
300e7e72127e7e70
VISUAL colorHash
070000180c0
VISUAL cropResistant
7034a8a636888480

Code Analysis

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Personal Info
Telegram Exfiltration

🔒 Obfuscation Detected

  • fromCharCode

🔑 Telegram Bot Tokens (1)

  • 8611960995:AAGT...ELSlX1Mk

💬 Telegram Chat IDs (1)

  • 8815675939

📊 Risk Score Breakdown

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected kit types: Credential Harvester, Personal Info
Credential Harvesting
Credential harvesting detected with 3 form(s) capturing sensitive data
Telegram Exfiltration
Real-time data exfiltration via Telegram (1 bot token(s) exposed in client-side code)
Code Obfuscation
JavaScript code obfuscated using 2 technique(s) to evade detection

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
Banco de Bogotá users
Attack Method
credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Telegram Bot (8611960995:AAGTzkRon...)
Risk Assessment
CRITICAL - Automated credential harvesting with Telegram Bot (8611960995:AAGTzkRon...)

⚠️ Indicators of Compromise

  • 1 Telegram bot token(s)
  • Kit types: Credential Harvester, Personal Info
  • 2 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Banco de Bogotá
Official Website
N/A
Fake Service
Credential harvesting service

⚔️ Attack Methodology

Primary Method: Credential Harvesting

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Secondary Method: JavaScript Obfuscation

Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.

📡 Telegram Command & Control Infrastructure

Bot Token (Masked)
8611960995:AAGT...ELSlX1Mk
Bot ID
8611960995
Group/Chat ID
8815675939
Operator Language
Unknown

💬 Message Templates (3)

ID Portuguese English Trigger

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
evitar-ya-lacompra26co.iceiy.com
Registered
2020-12-06 10:50:01+00:00
Registrar
Porkbun LLC
Status
Active (older domain)

Hosting Information

Provider
Porkbun LLC
ASN

🤖 AI-Extracted Threat Intelligence

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.