EN ES PT
Back to Stats

Captura Visual

No screenshot available

Información de Detección

https://mitramitecancelacion.on-forge.com/seguroalli
Detected Brand
Bancolombia
Country
Colombia
Confianza
100%
HTTP Status
200
Report ID
5e3ab66a-19b…
Analyzed
2026-01-25 23:52

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1FCC2CAB0225306E663BBC9F4B3597F2578D5E3ABC44B80C8A5B550788FC7E7CAB09560
CONTENT ssdeep
384:+xXhPh1VljnIykz+o2vQ/F1k2cKvXjcW1+9hT0fbJ:WXhp1VpIyk+o2ve1k2cK/j5o9E1

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
fbc1d48cc78e90a5
VISUAL aHash
ffc9c5e1a3858181
VISUAL dHash
671b19494f1d1d5d
VISUAL wHash
ffcbc1e1e3858181
VISUAL colorHash
07600008000
VISUAL cropResistant
671b19494f1d1d5d,6b7a5cdcc9899892,0f3f6ecf9b31e164,8e156c654b2acbcf,b57c783870073f78,b02b6765714e59f3,4e430d2643419080

Análisis de Código

Risk Score 85/100
Nivel de Amenaza BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking

🔬 Threat Analysis Report

• Amenaza: Posible recolección de datos a través de JavaScript ofuscado y envíos de formularios.
• Objetivo: Usuarios de Bancolombia.
• Método: Desconocido.
• Exfil: Desconocido por el momento.
• Indicadores: TLD inusual, JavaScript ofuscado, dominio antiguo.
• Riesgo: BAJO - Aunque el TLD es inusual y hay JavaScript ofuscado, el dominio sí parece estar relacionado.

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • document.write
  • base64_strings

📡 API Calls Detected

  • /proceso/llamada
  • /proceso/chat

📊 Desglose de Puntuación de Riesgo

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, and Banking kits targeting financial institutions.
Obfuscation Techniques
26 obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.
Brand Impersonation
Impersonates Bancolombia, a major financial institution, increasing victim trust.
Malicious JavaScript
Malicious JavaScript file (app-DD_cA9BU.js) with obfuscation, sized at 0.32 MB.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
Bancolombia users (Colombia)
Método de Ataque
obfuscated JavaScript
Canal de Exfiltración
Unknown
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking
  • 26 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Bancolombia
Official Website
https://www.bancolombia.com
Fake Service
Account verification or security update

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing kit captures login credentials entered by victims on a fake Bancolombia portal. The credentials are likely transmitted in real-time to an attacker-controlled server for immediate exploitation.

Secondary Method: OTP Interception

The kit includes functionality to steal one-time passwords (OTPs) sent via SMS or authentication apps, enabling attackers to bypass multi-factor authentication (MFA) protections.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
mitramitecancelacion.on-forge.com
Registered
2024-10-13 21:10:44+00:00
Registrar
NAMECHEAP INC
Estado
Active (469 days old)

🦠 Malicious Files

Main File
File Size

Obfuscated JavaScript file containing credential harvesting and OTP stealing logic.

🔬 JavaScript Deep Analysis

Operator Language
Spanish (1%)
Total Code Size
330,8 KB

🔗 API Endpoints Detected

Other
2

🔐 Obfuscation Detected

  • : Heavy

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.