Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
http://oesa.or.th/two.html
Detected Brand
Bunq
Country
Netherlands
Confidence
100%
HTTP Status
200
Report ID
8794714e-815…
Analyzed
2026-01-07 03:24
Final URL (after redirects)
https://oesa.or.th/two.html
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C722A632B1589C2F5583C3E5ABF1A62F72EDD350CF0286A685D4DB184FCBD94C9B2491 |
|
CONTENT
ssdeep
|
192:KvZP7YM439Pe4uykvlj1jLBI00zrzMl6KR0zrzMC:oZPTkhLuykvlj132nMl6KyMC |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3cc6633992399cc |
|
VISUAL
aHash
|
fffffffbdbe7a5db |
|
VISUAL
dHash
|
302a323232084d30 |
|
VISUAL
wHash
|
f8f8d8d83b3b0303 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
302a323232084d30 |
Code Analysis
Risk Score
70/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🔬 Threat Analysis Report
• Threat: Credential and financial information harvesting phishing kit.
• Target: Bunq users, particularly in the Netherlands.
• Method: Fake form requesting personal and financial details, including full name, postcode, IBAN, date of birth, mobile number, and email address.
• Exfil: Data sent to a Telegram bot.
• Indicators: Domain does not match official website, form action indicates data exfiltration to Telegram, requests sensitive information.
• Risk: CRITICAL - Immediate theft of personal and financial information.
🔐 Credential Harvesting Forms
📤 Form Action Targets
- config/telegram.php
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://sample-painting.com/two.html
Jun 19, 2026
No screenshot
Unknown
http://colmenaresguzman.cl/two.html
Feb 05, 2026
No screenshot
Bunq
http://web-3253.web-interface.eu/two.html
Jan 01, 2026
No screenshot
Bunq
https://web-3254.web-interface.eu/two.html
Jan 01, 2026
Bunq
https://oesa.or.th/two.html
Dec 31, 2025
Scan History for oesa.or.th
Found 3 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.