Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
No screenshot available
Informações de Detecção
http://colmenaresguzman.cl/two.html
Detected Brand
Unknown
Country
International
Confiança
100%
HTTP Status
200
Report ID
1248d986-ff3…
Analyzed
2026-02-05 11:57
Final URL (after redirects)
https://colmenaresguzman.cl/two.html
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C722A632B1589C2F5583C3E5ABF1A62F72EDD350CF0286A685D4DB184FCBD94C9B2491 |
|
CONTENT
ssdeep
|
192:KvZP7YM439Pe4uykvlj1jLBI00zrzMl6KR0zrzMC:oZPTkhLuykvlj132nMl6KyMC |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3cc6633992399cc |
|
VISUAL
aHash
|
fffffffbdbe7a5db |
|
VISUAL
dHash
|
302a323232084d30 |
|
VISUAL
wHash
|
f8f8d8d83b3b0303 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
302a323232084d30 |
Análise de Código
Risk Score
70/100
Nível de Ameaça
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Desconhecido
• Método: Formulários solicitando dados sensíveis
• Exfil: config/telegram.php
• Indicadores: Solicitação de informações pessoais e financeiras.
• Risco: ALTO
🔐 Credential Harvesting Forms
📤 Form Action Targets
- config/telegram.php
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Suspicious form
Requests sensitive personal and financial information (PII, IBAN) in a form.
Exfiltration target
The form action points to an exfiltration target via config/telegram.php
Domain mismatch
Domain has no apparent connection to any legitimate brand.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Banking Credential Harvester
Alvo
General public
Método de Ataque
credential harvesting forms
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
HIGH - Automated credential harvesting with HTTP POST to backend
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking
🏢 Análise de Falsificação de Marca
Impersonated Brand
Unknown
Fake Service
Unknown
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The site uses a form to collect sensitive personal and financial information such as name, address, IBAN, date of birth, phone number, and email. This data is likely being harvested to be used for identity theft or financial fraud.
Secondary Method: Exfiltration via Telegram
The form data is sent to a PHP script and then exfiltrated via Telegram. This allows the attackers to collect the information without it being stored on the server.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domínio
colmenaresguzman.cl
Registered
2018-04-02
Registrar
Unknown
Estado
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Desconhecido
https://sample-painting.com/two.html
Jun 19, 2026
Bunq
http://oesa.or.th/two.html
Jan 07, 2026
No screenshot
Bunq
http://web-3253.web-interface.eu/two.html
Jan 01, 2026
No screenshot
Bunq
https://web-3254.web-interface.eu/two.html
Jan 01, 2026
Bunq
https://oesa.or.th/two.html
Dez 31, 2025
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.