Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
https://pedagiodigitalonlinebr.com/
Detected Brand
Pedágio Digital
Country
International
Confidence
100%
HTTP Status
200
Report ID
1b606b44-60e…
Analyzed
2026-02-19 16:03
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A3429670A2159C6FA19382D4F671DB1A2295C381D3060B64D7F910B7BACEDA4CC7A2ED |
|
CONTENT
ssdeep
|
192:5yqoQpuXeYUx9oKESP9HCbSCHnkYkFZQ+U+GPbcPcFPW9Ax7TmyA:0UP5CeCHnkYkjQ+UfPgUFhxfc |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
92366d39925ab279 |
|
VISUAL
aHash
|
00000e3e2e0c00ff |
|
VISUAL
dHash
|
bce5ececccfcd3dc |
|
VISUAL
wHash
|
40143e7e7e0e08ff |
|
VISUAL
colorHash
|
39600006000 |
|
VISUAL
cropResistant
|
3323dc323731618c,bce5ececccfcd3dc |
Code Analysis
Risk Score
96/100
Threat Level
BAJO
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Legitimate Website
• Target: Pedágio Digital users
• Method: N/A
• Exfil: N/A
• Indicators: Legitimate branding
• Risk: Low
🔒 Obfuscation Detected
- fromCharCode
- unicode_escape
🎯 Kit Endpoints
- https://pedagiodigitalonlinebr.com/api.js
📡 API Calls Detected
- https://www.cloudflare.com/cdn-cgi/trace
- https://ipinfo.io/json
- https://ip-api.com/json/
- https://ipapi.co/json/
- POST
- https://ipwhois.app/json/
📊 Risk Score Breakdown
Total Risk Score
5/100
Contributing Factors
Domain Age
Domain is recent which can be a risk, but not a primary indicator here
🔬 Comprehensive Threat Analysis
Threat Type
Banking Credential Harvester
Target
Pedágio Digital users (International)
Attack Method
obfuscated JavaScript
Exfiltration Channel
Unknown
Risk Assessment
CRITICAL - Automated credential harvesting with Unknown
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
- 18 obfuscation techniques
🏢 Brand Impersonation Analysis
Impersonated Brand
Pedágio Digital
⚔️ Attack Methodology
Primary Method: N/A - Legitimate Website
This is a legitimate website.
🌐 Infrastructure Indicators of Compromise
🦠 Malicious Files
Main File
api.js
File Size
📊 Attack Flow Diagram
User fills <input name=email> → registerVisit() → postToApi('https://pedagiodigitalonlinebr.com/api.js') → exfiltration of user data
🔬 JavaScript Deep Analysis
Operator Language
Portuguese (1%)
Total Code Size
404.3 KB
🔗 API Endpoints Detected
Other
9
🔐 Obfuscation Detected
- : Moderate
- : None
🤖 AI-Extracted Threat Intelligence
📊 Attack Flow
User fills <input name=email> → registerVisit() → postToApi('https://pedagiodigitalonlinebr.com/api.js') → exfiltration of user data
🎯 Malicious Files Identified
Main Drainer
api.jsFile Size
estimated 45KB
Malicious Functions
postToApiregisterVisitcreatePayment
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://cdn.gosafemode.com/screenshots/1b5dca3658f8.png
May 27, 2026
Unknown
https://cdn.gosafemode.com/screenshots/8429201dbeb4.png
May 02, 2026
Unknown
https://cdn.gosafemode.com/screenshots/b0170e8c0cc0.png
May 02, 2026
Unknown
https://cdn.gosafemode.com/screenshots/80dd53aa5b19.png
May 02, 2026
Scan History for pedagiodigitalonlinebr.com
Found 1 other scan for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.