URL THREAT INTELLIGENCE · v0.5.0 · OPERATIONAL
The full anatomy of a phishing site,
one URL at a time.
ZeroPhish renders the page, runs twelve detection signals against the DOM, certificate chain, brand fingerprint and threat feeds, and returns a typed verdict. Built for security teams and product engineers.
100 scans / day · free
·
typical scan 2–4 s
·
try
PHISHING · HIGH CONFIDENCE
Phishing detected
Risk score
0.86
86 / 100 · High risk
URL anatomy
https
://
bradesco
.
ativacaodechat
.
com
/empresa/
flagged
registered domain
path
protocol / query
Indicators of compromise
| URL | hxxps://bradesco[.]ativacaodechat[.]com/empresa/ | |
| Host | bradesco[.]ativacaodechat[.]com | |
| Registered domain | ativacaodechat[.]com | |
| Brand | Bradesco | |
| Screenshot | https://cdn.zerophish.ai/b08f84d0-7683-4f7c-a2a6-9bbf8ecc66e1.jpg | |
| Scan ID | d650e5f9-1fa3-4f1e-aff1-c8643944fb33 |
Detection signals
Brand typo-squat detected
No similar legitimate brand within edit-distance 2
critical
Domain age
Awaiting analysis
high
Threat intel blocklists
Awaiting analysis
critical
Credential collection form
No credential collection form on visible content
high
Visual similarity to known brand
Brand presentation matches the registered owner
high
Favicon impersonation
Favicon matches the registered owner
medium
SSL certificate
Served over HTTPS · valid TLS certificate
low
DNS reputation
Awaiting analysis
medium
showing 8 of 12 ·
Captured page
Brand impersonation
B
Bradesco
5%
Technical profile
| Host | bradesco.ativacaodechat.com |
| Registered domain | ativacaodechat.com |
| Scheme | https |
| Content length | 71245 B |
| HTTP | 200 · text/html |
| JARM | 0d39b39b30d30d37d20320327d20122de7c02fe862e334985aa656e5df0651 |
| Redirect hops | 1 |
Analyst summary
Initial scan
Conclusion: Phishing (high confidence)
The page is not a Bradesco login or account page. Instead, it presents a generic “security verification” interstitial typical of bot-check challenges, served from a suspicious subdomain (bradesco.ativacaodechat.com) that is not Bradesco’s legitimate domain.
What the page presents itself as
- It shows the host text: “bradesco.ativacaodechat.com”.
-
It displays a Cloudflare-style verification message:
- “Just a moment…”
- “Performing security verification”
- “This website uses a security service to protect against malicious bots.”
Suspicious / phishing signals found
- Brand impersonation via subdomain: The URL is https://bradesco.ativacaodechat.com/empresa/. Even though it includes “bradesco”, the registered domain is ativacaodechat.com, not a real Bradesco domain. Phishers commonly use this pattern to borrow trust.
-
Suspicious interstitial framing: The page blocks access with “Enable JavaScript and cookies to continue” (inside the HTML
<noscript>). Attackers often use such checks to funnel users toward a follow-on credential or payment capture page. - No legitimate navigation to Bradesco: The HTML contains only the challenge/landing text and Cloudflare footer; there is no evidence of Bradesco’s actual site structure (no login form, no real account UI).
URL vs. claimed brand
- Claimed/impersonated brand: Bradesco.
- URL domain: ativacaodechat.com (subdomain: bradesco.ativacaodechat.com). This is not Bradesco’s real domain, so the resemblance is superficial rather than legitimately hosted.
Credential collection assessment
- No credential form detected in the provided HTML/OCR (no username/password fields, no login form). However, the use of a verification interstitial on a non-brand domain is still a strong phishing indicator because it commonly precedes further malicious steps.
Overall, the combination of brand-in-name subdomain hosting plus the challenge-page framing leads to a phishing verdict despite the absence of a visible login form.