Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FCC2CAB0225306E663BBC9F4B3597F2578D5E3ABC44B80C8A5B550788FC7E7CAB09560 |
|
CONTENT
ssdeep
|
384:+xXhPh1VljnIykz+o2vQ/F1k2cKvXjcW1+9hT0fbJ:WXhp1VpIyk+o2ve1k2cK/j5o9E1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fbc1d48cc78e90a5 |
|
VISUAL
aHash
|
ffc9c5e1a3858181 |
|
VISUAL
dHash
|
671b19494f1d1d5d |
|
VISUAL
wHash
|
ffcbc1e1e3858181 |
|
VISUAL
colorHash
|
07600008000 |
|
VISUAL
cropResistant
|
671b19494f1d1d5d,6b7a5cdcc9899892,0f3f6ecf9b31e164,8e156c654b2acbcf,b57c783870073f78,b02b6765714e59f3,4e430d2643419080 |
• Amenaza: Posible recolección de datos a través de JavaScript ofuscado y envíos de formularios.
• Objetivo: Usuarios de Bancolombia.
• Método: Desconocido.
• Exfil: Desconocido por el momento.
• Indicadores: TLD inusual, JavaScript ofuscado, dominio antiguo.
• Riesgo: BAJO - Aunque el TLD es inusual y hay JavaScript ofuscado, el dominio sí parece estar relacionado.
The phishing kit captures login credentials entered by victims on a fake Bancolombia portal. The credentials are likely transmitted in real-time to an attacker-controlled server for immediate exploitation.
The kit includes functionality to steal one-time passwords (OTPs) sent via SMS or authentication apps, enabling attackers to bypass multi-factor authentication (MFA) protections.
Obfuscated JavaScript file containing credential harvesting and OTP stealing logic.
Pages with identical visual appearance (based on perceptual hash)