EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of produbancoenlinea.blob.core.windows.net

Información de Detección

https://produbancoenlinea.blob.core.windows.net/produbancoenlinea/index.html
Detected Brand
Produbanco
Country
International
Confianza
100%
HTTP Status
200
Report ID
27c1b3b1-bf5…
Analyzed
2026-03-15 16:43

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1AF61FE3452184D1A91A7C3945F39563833CEA345EF4B1A5482E8D79DEE9BC83DCFB0A8
CONTENT ssdeep
48:RsJ3L77R2Gb9SJSJSg/OLMXiVEhxA8m8UHHxS8oggWbWn/K1tNS8thzRa:WJPFdb9SJSJSg2QXhxMJg+Wny1jN6

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
8958580ba3f6e6a7
VISUAL aHash
0000ffffffffffff
VISUAL dHash
33328c10c8080000
VISUAL wHash
000000017fffffff
VISUAL colorHash
07000000e00
VISUAL cropResistant
8c8041c80c000000,0101040ab2300890

Análisis de Código

Risk Score 91/100
Nivel de Amenaza BAJO
🎣 Credential Harvester 🎣 Card Stealer

🔬 Threat Analysis Report

• Amenaza: Impersonación
• Objetivo: Usuarios de Produbanco
• Método: Inicio de sesión del usuario
• Exfil: Datos ingresados en el formulario
• Indicadores: Edad del dominio, presencia del logo.
• Riesgo: Bajo

🔒 Obfuscation Detected

  • atob
  • base64_strings

📡 API Calls Detected

  • https://api.ipify.org
  • https://api.ipify.org?format=json
  • https://ipapi.co/json/

📊 Desglose de Puntuación de Riesgo

Total Risk Score
20/100

Contributing Factors

Domain Age
The domain is old.
Form present
Forms present but this is usual for this kind of site.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
Produbanco users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Card Stealer
  • 4 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Produbanco
Fake Service
Online banking login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attackers are likely trying to steal user credentials by mimicking the legitimate login page.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
produbancoenlinea.blob.core.windows.net
Registered
1995-08-10 04:00:00+00:00
Registrar
None
Estado
None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Produbanco
https://tarjetasprodubancsosiality.vercel.app
Jun 01, 2026
 Screenshot
Produbanco
https://ingresarprodubanco-ec.vercel.app
Jun 01, 2026
 Screenshot
Produbanco
https://produbanprestarapidoec.vercel.app
Jun 01, 2026
 Screenshot
Produbanco
https://activacion-produ1.iceiy.com/
Feb 11, 2026
 Screenshot
Produbanco
https://verificacioninediata1.blob.core.windows.net/verifica...
Feb 10, 2026

Scan History for produbancoenlinea.blob.core.windows.net

Found 1 other scan for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.