EN ES PT
Back to Stats

Captura Visual

No screenshot available

Informações de Detecção

https://falabellingres.webcindario.com/
Detected Brand
Unknown
Country
Unknown
Confiança
100%
HTTP Status
200
Report ID
35d6fc02-903…
Analyzed
2026-01-26 14:29

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T19BC1C73551448C3DA63BC2A8D3B5372B61A6C245CA4302F6C7F103BEA7E6D99DC670E8
CONTENT ssdeep
96:V09TBn9YLfqtHczu9rbUTaZ4KArrCbyTCu:q9TYu9UmZ4KArrWyTCu

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
b333998c666666cc
VISUAL aHash
e7e7e7e7ffffffef
VISUAL dHash
0c0c4c4d000c000c
VISUAL wHash
e0e0e0e03f3f2727
VISUAL colorHash
07000000000
VISUAL cropResistant
0c0c4c4d000c000c

Análise de Código

Risk Score 100/100
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info
Discord Webhook

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • hex_escape
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • GET
  • https://www.google.com/ccm/geo
  • POST
  • /hosting__contador__visitas__unicas.php
  • https://api.ipify.org?format=json

📊 Detalhamento da Pontuação de Risco

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected multiple phishing kit types: Credential Harvester, OTP Stealer, Banking, and Personal Info. Indicates a sophisticated, multi-stage attack framework.
Obfuscation Techniques
154 obfuscation techniques detected, including code minification, string encoding, and dynamic function execution to evade detection.
Malicious JavaScript Files
Presence of 3 suspicious JavaScript files (show_ads_impl_fy2021.js, adsbygoogle.js, miarroba_23335.js) totaling 0.9 MB, likely containing malicious payloads.
Exfiltration Channels
Detected Discord webhook for data exfiltration, enabling real-time transmission of stolen credentials to attackers.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Banking Credential Harvester
Alvo
General public
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Discord Webhooks (1 detected)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Discord Webhooks (1 detected)

⚠️ Indicators of Compromise

  • 1 Discord webhook(s)
  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 154 obfuscation techniques

🏢 Análise de Falsificação de Marca

Fake Service
Unknown (no specific brand impersonation detected)

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The phishing kit employs form-based credential harvesting to capture user inputs in real-time. Data is likely intercepted via JavaScript event listeners on form fields, then transmitted to a Discord webhook for exfiltration.

Secondary Method: OTP Stealer

The kit includes functionality to intercept one-time passwords (OTPs) by mimicking legitimate OTP input fields. Captured OTPs are sent alongside credentials to bypass multi-factor authentication.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
falabellingres.webcindario.com
Registered
2001-02-28 12:45:04+00:00
Registrar
TUCOWS.COM, CO.
Estado
Active (9098 days old)

🦠 Malicious Files

Main File
File Size

Contains obfuscated JavaScript with potential credential harvesting and data exfiltration capabilities.

🔌 External APIs Abused

discord
  • webhook: Detected

📊 Diagrama de Fluxo de Ataque

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT                                       │
│    - Victim receives phishing message                    │
│    - Directed to fake Banking site                       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE                                       │
│    - Mimics legitimate Banking site                     │
│    - Presents credential input form                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Victim enters Banking credentials                   │
│    - Data collected by attacker                          │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION                                     │
│    - Stolen credentials sent to external service         │
│    - Single communication channel used                   │
└──────────────────────────────────────────────────────────┘
```

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
926,4 KB

🔗 API Endpoints Detected

Other
49

🔐 Obfuscation Detected

  • : Heavy
  • : Moderate
  • : None
  • : Moderate

🤖 AI-Extracted Threat Intelligence

📊 Attack Flow

Here's a generic ASCII art attack flow diagram for the phishing attack:

```
┌──────────────────────────────────────────────────────────┐
│ 1. INITIAL CONTACT                                       │
│    - Victim receives phishing message                    │
│    - Directed to fake Banking site                       │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 2. FAKE LOGIN PAGE                                       │
│    - Mimics legitimate Banking site                     │
│    - Presents credential input form                      │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 3. CREDENTIAL CAPTURE                                    │
│    - Victim enters Banking credentials                   │
│    - Data collected by attacker                          │
└────────────────────┬─────────────────────────────────────┘
                     │
                     ▼
┌──────────────────────────────────────────────────────────┐
│ 4. DATA TRANSMISSION                                     │
│    - Stolen credentials sent to external service         │
│    - Single communication channel used                   │
└──────────────────────────────────────────────────────────┘
```

🎯 Malicious Files Identified

🌐 External APIs Abused

  • discord

Scan History for falabellingres.webcindario.com

Found 1 other scan for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.