Phishing Analysis: Unknown

Captura Visual

Informações de Detecção

http://send-usdt-45.netlify.app

Detected Brand

Unknown

Country

International

Confidence

100%

HTTP Status

200

Report ID

730c468f-f3a…

Analyzed

2026-03-01 18:00

Final URL (after redirects)

https://send-usdt-45.netlify.app/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T18171D77265021F5DE443C3F5FBE0B12B9295C366C60FA65CA1DC91A96FC7C18CD6A244
CONTENT ssdeep	48:GAAhRl9midgSF/IHLVYVH/c2iVVH/cgRwvIpfVa7MPGjRBFC:1SFeLGdkXdkmwafqPC

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	cc66cc66cc339933
VISUAL aHash	1818000000000018
VISUAL dHash	3020000000000cb2
VISUAL wHash	1c1c1c0cf0f0fcfc
VISUAL colorHash	38000000e00
VISUAL cropResistant	3020000000000cb2

Análise de Código

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Usuários de criptomoedas
• Método: Impersonação para roubar USDT
• Exfil: Bot do Telegram
• Indicadores: Hospedagem gratuita, solicitações de USDT, ofuscação.
• Risco: Alto

🔒 Obfuscation Detected

atob
fromCharCode
base64_strings

📡 API Calls Detected

logs
stats
0x3b3b57de
account
proxy

🔑 Telegram Bot Tokens (1)

8353531172:AAHV...BoylEX-8

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Free Hosting

The site is hosted on a free hosting platform, a common tactic for phishing.

Requests Sensitive Information

The site requests the user send cryptocurrency (USDT) to a specific address, indicating a possible scam.

Obfuscation

Obfuscation (atob, fromCharCode, base64_strings) makes it difficult to read and analyze code which is often seen in phishing.

No branding

The website shows no branding, which is suspicious in and of itself.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Banking Credential Harvester

Alvo

General public

Método de Ataque

obfuscated JavaScript

Canal de Exfiltração

Telegram Bot (8353531172:AAHVOCf9R...)

Avaliação de Risco

CRITICAL - Automated credential harvesting with Telegram Bot (8353531172:AAHVOCf9R...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
32 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Unknown Cryptocurrency Wallet/Exchange

Fake Service

USDT transfer

⚔️ Metodologia de Ataque

Primary Method: Phishing

The site attempts to steal cryptocurrency by prompting users to send USDT to a specified address, likely controlled by the attacker. This is facilitated through a simple form on a domain hosted using free hosting.

Secondary Method: Social Engineering

The site may be distributed via a social engineering attack, such as through phishing emails or messages designed to trick the user to visit the site and complete the USDT transfer.