Phishing Analysis: Unknown

Visual Capture

Detection Info

http://send-usdt-45.netlify.app

Detected Brand

Unknown

Country

International

Confidence

100%

HTTP Status

200

Report ID

730c468f-f3a…

Analyzed

2026-03-01 18:00

Final URL (after redirects)

https://send-usdt-45.netlify.app/

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T18171D77265021F5DE443C3F5FBE0B12B9295C366C60FA65CA1DC91A96FC7C18CD6A244
CONTENT ssdeep	48:GAAhRl9midgSF/IHLVYVH/c2iVVH/cgRwvIpfVa7MPGjRBFC:1SFeLGdkXdkmwafqPC

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cc66cc66cc339933
VISUAL aHash	1818000000000018
VISUAL dHash	3020000000000cb2
VISUAL wHash	1c1c1c0cf0f0fcfc
VISUAL colorHash	38000000e00
VISUAL cropResistant	3020000000000cb2

Code Analysis

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

Telegram Exfiltration

🔬 Threat Analysis Report

• Threat: Phishing
• Target: Cryptocurrency users
• Method: Impersonation to steal USDT
• Exfil: Telegram bot
• Indicators: Free hosting, requests for USDT, obfuscation.
• Risk: High

🔒 Obfuscation Detected

atob
fromCharCode
base64_strings

📡 API Calls Detected

logs
stats
0x3b3b57de
account
proxy

🔑 Telegram Bot Tokens (1)

8353531172:AAHV...BoylEX-8

📊 Risk Score Breakdown

Total Risk Score

90/100

Contributing Factors

Free Hosting

The site is hosted on a free hosting platform, a common tactic for phishing.

Requests Sensitive Information

The site requests the user send cryptocurrency (USDT) to a specific address, indicating a possible scam.

Obfuscation

Obfuscation (atob, fromCharCode, base64_strings) makes it difficult to read and analyze code which is often seen in phishing.

No branding

The website shows no branding, which is suspicious in and of itself.

🔬 Comprehensive Threat Analysis

Threat Type

Banking Credential Harvester

Target

General public

Attack Method

obfuscated JavaScript

Exfiltration Channel

Telegram Bot (8353531172:AAHVOCf9R...)

Risk Assessment

CRITICAL - Automated credential harvesting with Telegram Bot (8353531172:AAHVOCf9R...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
32 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand

Unknown Cryptocurrency Wallet/Exchange

Fake Service

USDT transfer

⚔️ Attack Methodology

Primary Method: Phishing

The site attempts to steal cryptocurrency by prompting users to send USDT to a specified address, likely controlled by the attacker. This is facilitated through a simple form on a domain hosted using free hosting.

Secondary Method: Social Engineering

The site may be distributed via a social engineering attack, such as through phishing emails or messages designed to trick the user to visit the site and complete the USDT transfer.