EN ES PT
Back to Stats

Captura Visual

No screenshot available

Información de Detección

https://falabellingres.webcindario.com/
Detected Brand
Unknown
Country
Unknown
Confianza
100%
HTTP Status
200
Report ID
35d6fc02-903…
Analyzed
2026-01-26 14:29

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19BC1C73551448C3DA63BC2A8D3B5372B61A6C245CA4302F6C7F103BEA7E6D99DC670E8
CONTENT ssdeep
96:V09TBn9YLfqtHczu9rbUTaZ4KArrCbyTCu:q9TYu9UmZ4KArrWyTCu

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b333998c666666cc
VISUAL aHash
e7e7e7e7ffffffef
VISUAL dHash
0c0c4c4d000c000c
VISUAL wHash
e0e0e0e03f3f2727
VISUAL colorHash
07000000000
VISUAL cropResistant
0c0c4c4d000c000c

Análisis de Código

Risk Score 100/100
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info
Discord Webhook

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • hex_escape
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • GET
  • https://www.google.com/ccm/geo
  • POST
  • /hosting__contador__visitas__unicas.php
  • https://api.ipify.org?format=json

📊 Desglose de Puntuación de Riesgo

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected multiple phishing kit types: Credential Harvester, OTP Stealer, Banking, and Personal Info. Indicates a sophisticated, multi-stage attack framework.
Obfuscation Techniques
154 obfuscation techniques detected, including code minification, string encoding, and dynamic function execution to evade detection.
Malicious JavaScript Files
Presence of 3 suspicious JavaScript files (show_ads_impl_fy2021.js, adsbygoogle.js, miarroba_23335.js) totaling 0.9 MB, likely containing malicious payloads.
Exfiltration Channels
Detected Discord webhook for data exfiltration, enabling real-time transmission of stolen credentials to attackers.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
General public
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Discord Webhooks (1 detected)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Discord Webhooks (1 detected)

⚠️ Indicators of Compromise

  • 1 Discord webhook(s)
  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 154 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Fake Service
Unknown (no specific brand impersonation detected)

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing kit employs form-based credential harvesting to capture user inputs in real-time. Data is likely intercepted via JavaScript event listeners on form fields, then transmitted to a Discord webhook for exfiltration.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) by mimicking legitimate OTP input fields. Captured OTPs are sent alongside credentials to bypass multi-factor authentication.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
falabellingres.webcindario.com
Registered
2001-02-28 12:45:04+00:00
Registrar
TUCOWS.COM, CO.
Estado
Active (9098 days old)

🦠 Malicious Files

Main File
File Size

Contains obfuscated JavaScript with potential credential harvesting and data exfiltration capabilities.

🔌 External APIs Abused

discord
  • webhook: Detected

📊 Diagrama de Flujo de Ataque

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT                                       │
│    - Victim receives phishing message                    │
│    - Directed to fake Banking site                       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE                                       │
│    - Mimics legitimate Banking site                     │
│    - Presents credential input form                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Victim enters Banking credentials                   │
│    - Data collected by attacker                          │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION                                     │
│    - Stolen credentials sent to external service         │
│    - Single communication channel used                   │
└──────────────────────────────────────────────────────────┘
```

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
926,4 KB

🔗 API Endpoints Detected

Other
49

🔐 Obfuscation Detected

  • : Heavy
  • : Moderate
  • : None
  • : Moderate

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT                                       │
│    - Victim receives phishing message                    │
│    - Directed to fake Banking site                       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE                                       │
│    - Mimics legitimate Banking site                     │
│    - Presents credential input form                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Victim enters Banking credentials                   │
│    - Data collected by attacker                          │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION                                     │
│    - Stolen credentials sent to external service         │
│    - Single communication channel used                   │
└──────────────────────────────────────────────────────────┘
```

🎯 Malicious Files Identified

🌐 External APIs Abused

  • discord

Scan History for falabellingres.webcindario.com

Found 1 other scan for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.