Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://www.seguro-allianz-delta.vercel.app/
Detected Brand
Bancolombia
Country
International
Confidence
100%
HTTP Status
200
Report ID
9ddff7a8-daa…
Analyzed
2026-03-05 17:13
Final URL (after redirects)
https://seguro-allianz-delta.vercel.app/
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DF044DF43694F4560AB747E3807F1102F3385D3B140E5960A3A5ECEA726989EA0B7FD9 |
|
CONTENT
ssdeep
|
1536:qhX1kCNE1Fejb6z5TGyi4oha6Ih6LcRs5Vx2t8qL1fyJFoySRFyhF2K5O9sPaUdB:0Ni094ohSQQRgV8waKL0q |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fb81d08cc78eb0a7 |
|
VISUAL
aHash
|
ffcbc1a1a3858181 |
|
VISUAL
dHash
|
e31b19494f1d1d5d |
|
VISUAL
wHash
|
ffcbc5e1a3858181 |
|
VISUAL
colorHash
|
06600008000 |
|
VISUAL
cropResistant
|
e31b19494f1d1d5d,6b7a5cdcc9899892,0f3f6edb1b31e166,8e156c654b2acbcf,b57c783870073f78,b02b6765714e59f3,4e430d2643419080 |
Análise de Código
Risk Score
76/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Clientes do Bancolombia
• Método: Imitação via hospedagem gratuita
• Exfil: Desconhecido (formulário provavelmente)
• Indicadores: Hospedagem gratuita + logotipo
• Risco: Alto
🔒 Obfuscation Detected
- atob
- fromCharCode
📊 Detalhamento da Pontuação de Risco
Total Risk Score
95/100
Contributing Factors
Free Hosting + Brand Logo
The combination of free hosting and a brand logo is a strong indicator of phishing.
Obfuscated Javascript
Detection of obfuscated Javascript suggests malicious intent, possibly to hide the exfiltration process.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Banking Credential Harvester
Alvo
Bancolombia users (International)
Método de Ataque
Brand impersonation + obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking
- 3 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
Bancolombia
Fake Service
Likely a general online banking portal, although more information from content analysis is needed.
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The attackers are likely trying to steal login credentials by presenting a fake login page that mimics the official Bancolombia website. Users will input their credentials and those will be sent to the attackers.
Secondary Method: Malicious Javascript
Obfuscated javascript can be used to hide the data exfiltration process and to evade detection. This can involve keylogging or intercepting form submissions.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domain
www.seguro-allianz-delta.vercel.app
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.