EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of n12-pessoajuridican-et.planos-empresa.com

Informações de Detecção

https://n12-pessoajuridican-et.planos-empresa.com/
Detected Brand
Bradesco
Country
Brazil
Confiança
100%
HTTP Status
200
Report ID
2d26c17d-8a0…
Analyzed
2026-01-25 09:19
Final URL (after redirects)
https://banco.bradesco/html/pessoajuridica/index.shtm

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T135B34221455B343722339F816BC5AB7D518B62D8A337CE07F6F44F2AABC4E54A94C21E
CONTENT ssdeep
768:SaZi4xAhMlQDXoo65ki96jL0xZoHP46JtA0+OI6:hi4xUDXoo6WiJxZoHPl+OI6

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
fc5c8b0135f848ee
VISUAL aHash
0080d0820200ff81
VISUAL dHash
1b65243666e00f2b
VISUAL wHash
01b8f082b37eff81
VISUAL colorHash
02000000006
VISUAL cropResistant
1849c9342999b136,ae8eaea2b2ae8ea6,9749858189c1c5c7,aa314d4d31452b2b,036b64343626e4aa,2b2b2b3b4c544e4b

Análise de Código

Risk Score 100/100
Nível de Ameaça ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Ameaça: Phishing bancário do Bradesco
• Alvo: Clientes do Bradesco Net Empresa no Brasil
• Método: Site falso do Bradesco roubando credenciais de login
• Exfil: Desconhecido para onde as credenciais roubadas são enviadas, mas provavelmente para um servidor malicioso
• Indicadores: Domínio não contém o nome da marca, JS Obfuscado, formulários, envio de formulário JavaScript, data de criação do domínio é no futuro
• Risco: CRÍTICO - Roubo de credenciais em tempo real

🔒 Obfuscation Detected

  • atob
  • eval
  • fromCharCode
  • unescape
  • document.write
  • hex_escape
  • unicode_escape
  • js_packer
  • base64_strings

🎯 Kit Endpoints

  • https://www.ne12.bradesconetempresa.b.br/ibpjlogin/login.jsf
  • https://policies.google.com/technologies/partner-sites

📡 API Calls Detected

  • GET
  • POST
  • https://www.google.com/ccm/geo
  • get

📊 Detalhamento da Pontuação de Risco

Total Risk Score
100/100

Contributing Factors

Active Phishing Kit
Detected Credential Harvester, OTP Stealer, Card Stealer, and Banking kits with real-time form interception capabilities.
High Obfuscation
1658 obfuscation techniques detected, indicating deliberate evasion of analysis and security tools.
Brand Impersonation
Impersonates Bradesco, a major Brazilian bank, targeting corporate clients (Pessoa Jurídica).
Large Malicious Payload
Total JavaScript size of 3.51 MB, suggesting complex malicious functionality.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Banking Credential Harvester
Alvo
Bradesco users (Brazil)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Unknown
Avaliação de Risco
CRITICAL - Automated credential harvesting with Unknown

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
  • 1658 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
Bradesco
Official Website
https://banco.bradesco/
Fake Service
Corporate Banking plans (Planos Empresa - Pessoa Jurídica)

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting and OTP Interception

The phishing kit captures corporate Banking credentials through fake login forms. It then intercepts one-time passwords (OTPs) via a secondary form, enabling real-time account takeover and unauthorized transactions.

Secondary Method: Card and Personal Information Theft

Additional forms are designed to harvest credit card details and personal information, likely for financial fraud or identity theft.

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domínio
n12-pessoajuridican-et.planos-empresa.com
Registered
2025-01-18 04:27:13+00:00
Registrar
Sav.com, LLC
Estado
Active (372 days old)

🦠 Malicious Files

Main File
File Size

Large JavaScript payload containing credential harvesting, OTP interception, and card stealing functionality.

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Sophistication Level
Advanced
Total Code Size
3,5 MB

🔗 API Endpoints Detected

Other
359
Backend API
2

🔐 Obfuscation Detected

  • : Moderate
  • : Heavy
  • : None
  • : Light
  • : Moderate
  • : Moderate
  • : Moderate
  • : Moderate
  • : Moderate
  • : Light
  • : Moderate
  • : Moderate
  • : Moderate
  • : Moderate

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Desconhecido
https://cdn.gosafemode.com/screenshots/60faaae357e5.png
Jun 01, 2026
 Screenshot
Bradesco
https://n2usuarioempresa.com/acess.php?token=4389698616a1e12...
Jun 01, 2026
 Screenshot
Bradesco
https://suporteacessochatnet.com/
Mai 14, 2026
 Screenshot
Bradesco
http://resgatesmiles.site/
Jan 29, 2026
 Screenshot
Bradesco
https://netempresas.solucoesbradesco.digital
Jan 14, 2026
😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.