Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://skybarrowfundvia.com/
Detected Brand
Unknown - Financial Services
Country
International
Confianza
100%
HTTP Status
200
Report ID
e4c495b3-050…
Analyzed
2026-02-24 17:10
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T111A3DE234259752A4077C7D430B61F3BD1AA994BFAE709404EDCC7F62BFACA0702B659 |
|
CONTENT
ssdeep
|
768:6N89tMbXReQ/GJi55RPGOrbQwzqB/ySQ1qcn/:F9tMbXlOJi55R+OvQwzqB/Q1qcn/ |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9612ed6d0d671693 |
|
VISUAL
aHash
|
00040e060600ffff |
|
VISUAL
dHash
|
d73cecccec0c0326 |
|
VISUAL
wHash
|
000e0e0e0e8effff |
|
VISUAL
colorHash
|
02003400400 |
|
VISUAL
cropResistant
|
bc6cccccbc0c0026,dcbd6cecccccac6c,1c07412513161c3c |
Análisis de Código
Risk Score
73/100
Nivel de Amenaza
ALTO
⚠️ Phishing Confirmed
🎣 OTP Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Individuos que buscan servicios financieros
• Método: Suplantación de identidad a través de un sitio web falso
• Exfil: Datos del formulario (nombre, correo electrónico, número de teléfono) a un destino desconocido
• Indicadores: Dominio no relacionado, formulario presente, marca genérica
• Riesgo: ALTO
🔒 Obfuscation Detected
- unicode_escape
📡 API Calls Detected
- https://amos-mamaya.fun/geo
- ./form/handle_form.php
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Age
Relatively new domain is a strong indicator of phishing.
Form Present/Data Collection
Form is used to gather personal information.
Domain Name
Domain name does not match any known legitimate brand and is likely an attempt to impersonate a brand.
Obfuscation Detected
Obfuscated Javascript can be used for malicious purposes and to evade detection
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Banking Credential Harvester
Objetivo
Unknown - Financial Services users (International)
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: OTP Stealer, Banking, Personal Info
- 31 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Unknown financial services or a non-existent brand
Fake Service
Financial investment platform
Fraudulent Claims
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker attempts to collect the victims personal information via a sign-up form. Collected data is likely used for phishing or other fraudulent activities.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Dominio
skybarrowfundvia.com
Registered
2024-09-06
Registrar
Namecheap
Estado
active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Desconocido
https://nul.smartproinvest.com/
Jun 20, 2026
No screenshot
Desconocido
https://credonexiafunziona.com/
Feb 27, 2026
Zenflow Capital or similar financial services
https://zenflow-capital.com/
Feb 25, 2026
No screenshot
Desconocido
https://quantumdexair9000.net/
Feb 25, 2026
No screenshot
Desconocido
https://instant-6000-renova.com/
Feb 23, 2026
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.