Phishing Analysis

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Clientes Nubank
• Método: Imitação e JavaScript malicioso.
• Exfil: Desconhecido, provavelmente através de envios de formulários escondidos por ofuscação.
• Indicadores: Incompatibilidade de domínio, ofuscação de Javascript, imitação da marca.
• Risco: ALTO

🔒 Obfuscation Detected

• eval
• fromCharCode
• unescape
• unicode_escape
• base64_strings

🎯 Kit Endpoints

• http://developers.facebook.com/policy/].
• https://cdn.utmify.com.br/scripts/pixel/pixel.js
• https://www.facebook.com/privacy_sandbox/pixel/register/trigger/
• https://tailwindcss.com/docs/content-configuration
• https://nuudin.site/1/js/latest.js
• https://api.vturb.com.br
• https://tailwindcss.com/docs/using-with-preprocessors#nesting
• https://connect.facebook.net/
• https://connect.facebook.net/en_US/fbevents.js
• https://nuudin.site/1/js/page-handler3.js
• https://tailwindcss.com/docs/installation
• https://api6.ipify.org?format=json
• https://evilmartians.com/chronicles/postcss-8-plugin-migration`),m.env.LANG&&m.env.LANG.startsWith(
• https://tailwindcss.com`}),...e.nodes])},container:(()=
• https://mths.be/cssesc
• https://connect.facebook.net/log/fbevents_telemetry/
• https://cdn.tailwindcss.com
• https://www.facebook.com/tr
• https://developers.facebook.com/docs/meta-pixel/reference/
• https://tailwindcss.com/docs/content-configuration#pattern-recommendations
• https://twitter.com/browserslist
• https://www.instagram.com/tr/
• https://tailwindcss.com/docs/content-configuration#safelisting-classes
• https://tailwindcss.com/docs/content-configuration#discarding-classes
• https://www.facebook.com/privacy_sandbox/topics/registration/
• https://gw.conversionsapigateway.com
• https://www.facebook.com/tr/
• https://analytics.tiktok.com/i18n/pixel/events.js
• https://api.ipify.org?format=json
• https://wa.me/${o}?${e.split(

📡 API Calls Detected

• GET
• https://ipapi.co/json/

🦠 Malicious Files