# formulario-davivienda-1ed9970ba3wf3.duckdns.org — MALICIOUS

> formulario-davivienda-1ed9970ba3wf3.duckdns.org is a live phishing domain impersonating Davivienda bank, flagged by 15 of 95 VirusTotal vendors.

## Summary
PhishDestroy identifies active credential harvesting activity tied to the domain formulario-davivienda-1ed9970ba3wf3.duckdns.org, which impersonates Davivienda, a major Latin American banking institution. Analysts have classified this host as a generic phishing resource designed to deceive users into surrendering sensitive banking credentials under the guise of a legitimate Davivienda login interface. The threat remains in active operation, with no evidence of takedown or remediation as of this advisory.

This domain was flagged by 15 of 95 VirusTotal vendors, placing it in the high-risk category. It resolves to IP address 44.248.60.105 and is protected by a Let’s Encrypt SSL certificate. Google Safe Browsing has classified the site under the SOCIAL_ENGINEERING category, confirming its malicious intent. VirusTotal analysis indicates a trustworthiness score of 15%, with detections including phishing kits and banking trojans. The domain leverages the free dynamic DNS service DuckDNS under the .duckdns.org TLD, which is frequently abused by threat actors for short-lived phishing campaigns.

Given the high risk rating and confirmed malicious activity, immediate action is recommended. Users should avoid accessing this domain and report it through their organization’s threat intelligence channels. Security teams are advised to block the domain at the DNS and firewall levels using indicators such as 44.248.60.105 and formulario-davivienda-1ed9970ba3wf3.duckdns.org. Additionally, caution should be exercised with any Davivienda-branded communications, as legitimate communications will not direct users to third-party domains for login purposes. Proactive user awareness training is strongly encouraged to mitigate the risk of credential theft.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 44.248.60.105

## Detection Status
- VirusTotal: 15 vendors flagged
- Google Safe Browsing: FLAGGED
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/2afe16d7-d37a-459a-b95a-7cdc6a3109e1
- PhishDestroy: https://phishdestroy.io/domain/formulario-davivienda-1ed9970ba3wf3.duckdns.org/
- LLM endpoint: https://phishdestroy.io/domain/formulario-davivienda-1ed9970ba3wf3.duckdns.org/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/formulario-davivienda-1ed9970ba3wf3.duckdns.org/
Last updated: 2026-03-21