CheckPhish Helps Uncover Venezuelan Government’s Blatant Attempts to Hack Its Own Citizens


Bolster has been actively monitoring reports of Venezuelan Government’s apparent involvement in hacking its own citizens through phishing. Bolster’s product has been a key element in this investigation since the very beginning, when a security researcher Jose-Luis Rivas, broke the story via a series of tweets. Since then, the story has been picked up several news channels like Espacio Público (Venezuela) and Motherboard (US) providing more details.

CheckPhish Traffic Spike

CheckPhish noticed a huge spike in traffic as soon as Jose-Luis Rivas shared his research on Twitter.

While CheckPhish gets visitors from over 150 countries a week, this traffic spike from Venezuela was so big that it ranked second in most used sessions by country, as seen in the Google Analytics image below.

CheckPhish Traffic Spike By Country

It all started with a domain gmail[.]web[.]ve that went live on August 16, 2018. CheckPhish detected it as a phishing site when the creators attempted registering for SSL certification. Below is the original screenshot and details of that scan.

Screenshot of on August 16 2018

Screenshot of gmail[.]web[.]ve on August 16 2018

On Feb 13 2019, Jose-Luis Rivas published tweets with links from CheckPhish showing details of past phishing domains associated with IP address

En este reporte, por ejemplo, del 16 de agosto de 2018, pueden ver cómo hay incluso una captura de pantalla donde se ve que imitan al sitio web de Gmail— Jose-Luis Rivas (@joseluisrivas) February 13, 2019

Associated with this IP address, voluntariovenezuela[.]com was the first phishing domain to be uncovered during the investigation by security researchers. This was targeting a site, which was set up on February 4, 2019 for international humanitarian donations to Venezuela.

Following these events, CheckPhish identified additional hosts linked to frankl[email protected] – the contact email listed in WHOIS records of all domains in these attacks.

Phishing domains associated with

This research is ongoing and we’ll be publishing more details on this blog post as we gather them.

CheckPhish is a free AI powered zero-day phishing and counterfeit website detection system. If you come across a suspicious links, we advise you to scan it through before accessing it.