SafeMode - Analysis: 4003659.com

EN ES PT

Back to Stats

Captura Visual

No screenshot available

Información de Detección

https://4003659.com

Detected Brand

Unknown

Country

International

Confianza

100%

HTTP Status

200

Report ID

a85b870f-28e…

Analyzed

2026-03-17 03:22

Final URL (after redirects)

https://4003659.com:8989/verify-page/index.html

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T12DC13331C05B292BF90381E8B1B0D71F62D3434ED782095592FD026A77CFD50F91A9DA
CONTENT ssdeep	96:Fuwp6S8LUfANuZsdFYTYcBZbEYTPdp2sclJnaWLlIJQ6B:B6SJouZs3kBNTPdp2sclJnak2Qg

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	dbb107cb3c0d81b6
VISUAL aHash	ffffffffdc280000
VISUAL dHash	f2caca3329d15166
VISUAL wHash	7fefffdb98080000
VISUAL colorHash	0e0000001c0
VISUAL cropResistant	f2f3ced8b32b35d9,8c6cacdcd86a7e5c,f87e7f7ffffebdaa,7f373373597c7e7f,2b2835d950516364,210830b2b2320c11,11043232b2300c21

Análisis de Código

Risk Score 88/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Card Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Desconocido
• Método: Captcha y Formulario
• Exfil: Ofuscación de Javascript
• Indicadores: Dominio no relacionado, ofuscación de Javascript, texto en chino
• Riesgo: Alto

🔒 Obfuscation Detected

fromCharCode
document.write

🎯 Kit Endpoints

https://4003659.com:8989/verify-page/theme/default/layer.css?v=3.1.0

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Suspicious Domain

The domain does not match any known brand.

JavaScript Obfuscation

Obfuscated code is a common tactic to hide malicious behavior.

CAPTCHA & Form

Captcha is used to evade bots and form submission indicates attempt to gather user data.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Banking Credential Harvester

Objetivo

General public

Método de Ataque

credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

Form submission (backend endpoint not detected - likely JavaScript-based)

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

Kit types: Credential Harvester, OTP Stealer, Card Stealer, Banking, Personal Info
6 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Unknown

Fake Service

Unknown

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The site likely attempts to harvest credentials via a form presented after passing the CAPTCHA.

Secondary Method: Javascript Obfuscation

Obfuscation hides the malicious code that will capture credentials.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio

4003659.com

Registered

None

Registrar

None

Estado

None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot

https://vip36560.com/

https://5003659.com

https://3-6-5-9-b.com:8989

https://36593657.com:8989

Screenshot

https://365666u.cc

Scan History for 4003659.com

Found 1 other scan for this domain

http://4003659.com ? Dic 22, 2025 22:49

😰

"Nunca pensé que me pasaría a mí"

Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.