Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://activ77bhd.iceiy.com/index2.html
Detected Brand
Banco BHD
Country
Unknown
Confidence
100%
HTTP Status
200
Report ID
476742c4-8b8…
Analyzed
2026-06-28 14:09
Final URL (after redirects)
https://activ77bhd.iceiy.com/index2.html?i=1
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12D315831420C1C3EA5A382C883EA733A31F28189EB0B22244CF467B559DAC55FD7BDC4 |
|
CONTENT
ssdeep
|
24:hWOiuXx+t98djiyhllUgz8Ubt3Df8djiyhllzA5Ou2YxxVg0:TstGn8UB3D0dAPdxq0 |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
88b1374a49b7b6e1 |
|
VISUAL
aHash
|
0fffff18181d0300 |
|
VISUAL
dHash
|
dff77273b371ffff |
|
VISUAL
wHash
|
3fffff18181d0300 |
|
VISUAL
colorHash
|
03e09000000 |
|
VISUAL
cropResistant
|
dff77273b371f7ff,9f9f9fd1ccf4b8ac,71f3b37171ffffff,a6277b656777cfcf,c9b132092d6f1f3d |
Code Analysis
Risk Score
80/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
Discord Webhook
📡 API Calls Detected
- https://api.ipify.org?format=json
📊 Risk Score Breakdown
Total Risk Score
80/100
Contributing Factors
Active Phishing Kit
Detected kit types: Credential Harvester
Discord Exfiltration
Data exfiltration via Discord webhooks (1 webhook(s) exposed)
🔬 Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
Banco BHD users
Attack Method
Phishing webpage
Exfiltration Channel
Discord Webhooks (1 detected)
Risk Assessment
CRITICAL - Automated credential harvesting with Discord Webhooks (1 detected)
⚠️ Indicators of Compromise
- 1 Discord webhook(s)
- Kit types: Credential Harvester
🏢 Brand Impersonation Analysis
Impersonated Brand
Banco BHD
Official Website
N/A
Fake Service
Token swap/DEX platform
⚔️ Attack Methodology
Primary Method: Credential Harvesting
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Secondary Method: Standard Phishing Techniques
Uses typical phishing tactics including brand impersonation, urgency tactics, and social engineering to trick victims into providing sensitive information.
🌐 Infrastructure Indicators of Compromise
Domain Information
Domain
activ77bhd.iceiy.com
Registered
2020-12-06 10:50:01+00:00
Registrar
Porkbun LLC
Status
Active (older domain)
Hosting Information
Provider
Porkbun LLC
ASN
🤖 AI-Extracted Threat Intelligence
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.