EN ES PT
Back to Stats

Captura Visual

No screenshot available

Informações de Detecção

https://mitramitecancelacion.on-forge.com/seguroalli
Detected Brand
Bancolombia
Country
Colombia
Confiança
100%
HTTP Status
200
Report ID
5e3ab66a-19b…
Analyzed
2026-01-25 23:52

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1FCC2CAB0225306E663BBC9F4B3597F2578D5E3ABC44B80C8A5B550788FC7E7CAB09560
CONTENT ssdeep
384:+xXhPh1VljnIykz+o2vQ/F1k2cKvXjcW1+9hT0fbJ:WXhp1VpIyk+o2ve1k2cK/j5o9E1

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
fbc1d48cc78e90a5
VISUAL aHash
ffc9c5e1a3858181
VISUAL dHash
671b19494f1d1d5d
VISUAL wHash
ffcbc1e1e3858181
VISUAL colorHash
07600008000
VISUAL cropResistant
671b19494f1d1d5d,6b7a5cdcc9899892,0f3f6ecf9b31e164,8e156c654b2acbcf,b57c783870073f78,b02b6765714e59f3,4e430d2643419080

Análise de Código

Risk Score 85/100
Nível de Ameaça BAJO
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking

🔬 Threat Analysis Report

• Ameaça: Potencial coleta de dados através de JavaScript ofuscado e envios de formulários.
• Alvo: Usuários do Bancolombia.
• Método: Desconhecido.
• Exfil: Desconhecido no momento.
• Indicadores: TLD incomum, JavaScript ofuscado, domínio antigo.
• Risco: BAIXO - Embora o TLD seja incomum e haja JavaScript ofuscado, o domínio parece estar relacionado.

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • document.write
  • base64_strings

📡 API Calls Detected

  • /proceso/llamada
  • /proceso/chat

📊 Detalhamento da Pontuação de Risco

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, and Banking kits targeting financial institutions.
Obfuscation Techniques
26 obfuscation techniques detected in JavaScript files, indicating evasion of static analysis.
Brand Impersonation
Impersonates Bancolombia, a major financial institution, increasing victim trust.
Malicious JavaScript
Malicious JavaScript file (app-DD_cA9BU.js) with obfuscation, sized at 0.32 MB.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Banking Credential Harvester
Alvo
Bancolombia users (Colombia)
Método de Ataque
obfuscated JavaScript
Canal de Exfiltração
Unknown
Avaliação de Risco
CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking
  • 26 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
Bancolombia
Official Website
https://www.bancolombia.com
Fake Service
Account verification or security update

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The phishing kit captures login credentials entered by victims on a fake Bancolombia portal. The credentials are likely transmitted in real-time to an attacker-controlled server for immediate exploitation.

Secondary Method: OTP Interception

The kit includes functionality to steal one-time passwords (OTPs) sent via SMS or authentication apps, enabling attackers to bypass multi-factor authentication (MFA) protections.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
mitramitecancelacion.on-forge.com
Registered
2024-10-13 21:10:44+00:00
Registrar
NAMECHEAP INC
Estado
Active (469 days old)

🦠 Malicious Files

Main File
File Size

Obfuscated JavaScript file containing credential harvesting and OTP stealing logic.

🔬 JavaScript Deep Analysis

Operator Language
Spanish (1%)
Total Code Size
330,8 KB

🔗 API Endpoints Detected

Other
2

🔐 Obfuscation Detected

  • : Heavy

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.