Is bradescopj.com.br safe?

encoded payload

suspicious base64-like blobs detected in page content

cloaking

Page loads content in transparent or zero-size iframe overlay

js obfuscation

JavaScript uses Function constructor for runtime code generation

brand impersonation

The domain bradescopj.com.br impersonates Bradesco, a major Brazilian bank. The site clones the official Bradesco PJ (Pessoa Jurídica) portal including logos, branding, navigation, and content. The legitimate domain is banco.bradesco or bradesco.com.br, while bradescopj.com.br is an unauthorized lookalike domain designed to deceive users into believing they are on the official Bradesco business banking portal. (location: domain: bradescopj.com.br, page title: 'Bradesco PJ: Soluções Financeiras Para Sua Empresa', page.html:19)

phishing

The site impersonates the official Bradesco PJ banking portal and contains calls-to-action such as 'Abra sua conta' (Open your account) linking to internal paths like /html/pessoajuridica/solucoes-integradas/conta-corrente/abra-sua-conta.shtm. These links are designed to capture banking account applications from victims who believe they are on the legitimate Bradesco site. The site also references account services, boleto payments, credit, and financial products to lure business customers. (location: page.html:213-228, page.html:533-596)

credential harvesting

The site replicates the Bradesco Net Empresa corporate internet banking portal interface, with sections promoting 'Bradesco Net Empresa' online banking login capabilities including account balance checks, payment features, and user management. The search form and overall site structure mirror the legitimate Bradesco PJ portal to harvest banking credentials from corporate users who interact with login flows. (location: page.html:647-695, page.html:401-423)

hidden content

A 1x1 pixel invisible Facebook tracking pixel is embedded with display:none style, silently exfiltrating user visit data to Facebook pixel ID 1596502977285912 without clear disclosure. Additionally, two hidden div elements with id='doubleclick' are placed in absolute-positioned containers at the top and bottom of the body, potentially used for covert ad tracking or fingerprinting. (location: page.html:128-129 (noscript pixel), page.html:85-87, page.html:701-703 (doubleclick divs))

hidden content

A server-side include (SSI) directive is embedded in a JavaScript variable assignment: var ipcli = '<!--#echo var="REMOTE_ADDR"-->'. This captures and exposes the visitor's IP address client-side, which can be used for victim profiling and geotargeting of phishing attacks. (location: page.html:79, page-text.txt:9)

malicious redirect

The canonical URL and Open Graph metadata reference the legitimate banco.bradesco domain (og:url, canonical href), while the page is actually served from the impersonator domain bradescopj.com.br. Internal navigation links use relative paths on the fraudulent domain. This mismatch is a technique to make scrapers and AI agents believe the content is from the legitimate Bradesco domain while users are actually on the phishing site. (location: page.html:30 (og:url: https://banco.bradesco/), page.html:46 (canonical: https://banco.bradesco/html/pessoajuridica/), metadata.json domain: bradescopj.com.br)

social engineering

The site reproduces the complete Bradesco PJ brand experience including official logos served from assets.bradesco CDN, official app IDs (apple-itunes-app: 462977200, google-play-app: br.com.bradesco.netempresa), and social media profile links to @Bradesco. This multi-layer legitimacy signaling is intended to suppress user suspicion and increase trust in the fraudulent site. The site also uses Adobe DTM and mPulse performance monitoring scripts typical of enterprise banking sites to further mimic authenticity. (location: page.html:24-27, page.html:93-101, page.html:155, page.html:66)