EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of d8ac4b3b-2a37-4a54-9e22-e97453ba0438-00-1wgq5uqfmyri5.spock.replit.dev

Informações de Detecção

https://d8ac4b3b-2a37-4a54-9e22-e97453ba0438-00-1wgq5uqfmyri5.spock.replit.dev/
Detected Brand
BDV (Banco de Venezuela)
Country
Venezuela
Confiança
95%
HTTP Status
200
Report ID
0fff8fcd-ef5…
Analyzed
2026-02-03 23:44

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1F4319DA1C0848D0B8192D0A4D6B2931E2745D744E78B5E5167F463FB7ECB9A1CFA63C8
CONTENT ssdeep
24:AC0QdUNllR4wKw95GjQxGiVG8IMeLYlA23Aa:+7GYq8kp8qL83l

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
ca91b56c926ba536
VISUAL aHash
fffff0fcf0f0f0fe
VISUAL dHash
f061e5a925e7e5e8
VISUAL wHash
7e7e70f09070707c
VISUAL colorHash
07200008083
VISUAL cropResistant
f061e5a925e7e5e8,8aa28cccb2aaae8c,aaa2a2a0b28e8e0d

Análise de Código

Risk Score 53/100
Nível de Ameaça ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Clientes BDV
• Método: Imitação de identidade por meio de um formulário de login falso hospedado no Replit
• Exfil: step-2.php
• Indicadores: Domínio Replit, formulário, JavaScript, ofuscação unescape
• Risco: Alto

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • unescape

📤 Form Action Targets

  • step-2.php

📊 Detalhamento da Pontuação de Risco

Total Risk Score
90/100

Contributing Factors

Free Hosting Domain
The domain is hosted on Replit.dev, a free hosting service.
Form Action points to PHP script
Presence of a form action, suggesting data submission.
JavaScript Obfuscation
Obfuscated Javascript code found which is used to hide code and potentially malicious functionalities.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Credential Harvesting Kit
Alvo
BDV (Banco de Venezuela) users (Venezuela)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
HTTP POST to backend
Avaliação de Risco
MEDIUM - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester
  • 2 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
BDV
Fake Service
BDV Online Banking

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker aims to steal the victim's BDV credentials by creating a fake login form that mimics the bank's official website. The form redirects to a php script which likely will handle the credentials in a malicious manner.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
d8ac4b3b-2a37-4a54-9e22-e97453ba0438-00-1wgq5uqfmyri5.spock.replit.dev
Registered
None
Registrar
None
Estado
None

🔬 JavaScript Deep Analysis

Total Code Size
5,9 KB

🔗 API Endpoints Detected

Other
3

🔐 Obfuscation Detected

  • : None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Banco de Venezuela
http://bdvappclientes.netlify.app/
Jun 16, 2026
 Screenshot
BDV
https://xpresss-venezuelaa.pages.dev/robots.txt
Jan 05, 2026
 Screenshot
BDV
https://bdvimpulsor.blob.core.windows.net/enlinea/bolivarian...
Jan 02, 2026
 Screenshot
BDV
https://banvenez.blob.core.windows.net/bdv-venezuela/bolivar...
Jan 01, 2026
 Screenshot
BDV
https://bdvprestamos.blob.core.windows.net/venezuela/bolivar...
Jan 01, 2026
😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.