EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of gemini.agit.studio

Información de Detección

http://gemini.agit.studio/
Detected Brand
Gemini
Country
International
Confidence
100%
HTTP Status
200
Report ID
bda22d99-e43…
Analyzed
2026-02-10 12:46
Final URL (after redirects)
https://gemini.agit.studio/

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T13B71747852D107B76103C9D0F69AFB2AD9E5CB58DA23584BE2FCC2CB0685C68DD4A361
CONTENT ssdeep
48:x2TtaaR8cC9AhiQ+ouOwKSwLaOSHyNT9Zb9NuNP5WfjhqbPQLjqS1:x2Twb9ACBwLaODNht9NuNP5khqb6OS1

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
a84bf318d933f60c
VISUAL aHash
000101031b0707ff
VISUAL dHash
fffff7b7b3cfff5f
VISUAL wHash
0103071f1f071fff
VISUAL colorHash
00000000030
VISUAL cropResistant
aaa2a2b2b2aaa2be,ffff7f7a4f4d5e6e,fffff757b3b7cfff

Análisis de Código

Risk Score 76/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Gemini
• Método: Suplantación de identidad y recopilación de credenciales
• Exfil: /auth
• Indicadores: Coincidencia de dominio, ofuscación, idioma chino.
• Riesgo: Alto

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • fromCharCode
  • unicode_escape

🎯 Kit Endpoints

  • https://evilmartians.com/chronicles/postcss-8-plugin-migration`),m.env.LANG&&m.env.LANG.startsWith(
  • https://tailwindcss.com/docs/content-configuration#safelisting-classes
  • https://tailwindcss.com`}),...e.nodes])},container:(()=
  • https://tailwindcss.com/docs/content-configuration
  • https://mths.be/cssesc
  • https://tailwindcss.com/docs/content-configuration#discarding-classes
  • https://tailwindcss.com/docs/upgrade-guide#prefix-cannot-be-a-function
  • https://tailwindcss.com/docs/upgrade-guide#configure-content-sources
  • https://tailwindcss.com/docs/using-with-preprocessors#nesting
  • https://cdn.tailwindcss.com
  • https://tailwindcss.com/docs/upgrade-guide#remove-dark-mode-configuration
  • https://www.w3ctech.com/topic/2226`));let
  • https://tailwindcss.com/docs/content-configuration#pattern-recommendations
  • https://twitter.com/browserslist
  • https://tailwindcss.com/docs/upgrade-guide#replace-variants-with-layer
  • https://tailwindcss.com/docs/installation

📡 API Calls Detected

  • /api/version/check

📤 Form Action Targets

  • /auth

📊 Desglose de Puntuación de Riesgo

Total Risk Score
95/100

Contributing Factors

Domain Mismatch
The domain does not match the expected domain for Gemini.
Obfuscation
Obfuscation techniques make analysis more difficult, suggesting an attempt to hide malicious intent.
Requests for sensitive information
Requests for 'verification token' that is sensitive is a red flag
JavaScript form submission
Uses javascript for form submissions which can be used to redirect and inject malicous code.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Two-Factor Authentication Stealer
Objetivo
Gemini users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
HIGH - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Personal Info
  • 18 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Gemini
Official Website
https://gemini.com/
Fake Service
Gemini Login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The site uses a form to trick users into entering their Gemini login credentials (or a 'verification token') into a fake login form. The entered data is then sent to the attackers.

Secondary Method: Phishing through Obfuscated JavaScript

The site uses JavaScript, and more specifically obfuscated JavaScript to try and hide what it is doing and how it is harvesting the data.

🌐 Indicadores de Compromiso de Infraestructura

🦠 Malicious Files

Main File
cdn.tailwindcss.com
File Size

🔬 JavaScript Deep Analysis

Operator Language
English (1%)
Total Code Size
397,7 KB

🔗 API Endpoints Detected

Other
5

🔐 Obfuscation Detected

  • : Moderate

🤖 AI-Extracted Threat Intelligence

🎯 Malicious Files Identified

Main Drainer
cdn.tailwindcss.com
File Size
397KB

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://gemini.agit.studio/
Abr 06, 2026

Scan History for gemini.agit.studio

Found 1 other scan for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.