Phishing Analysis: Unknown

Captura Visual

No screenshot available

Informações de Detecção

http://www.public-xi-lemon.vercel.app

Detected Brand

Unknown

Country

International

Confidence

100%

HTTP Status

200

Report ID

0cc1b216-00c…

Analyzed

2026-02-19 15:45

Final URL (after redirects)

https://public-xi-lemon.vercel.app/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11181831241109C334983D5E426A5AB5B32888779C603590DF7F8876E2AE3CD8CF6B669
CONTENT ssdeep	96:4S2sUjd42eUEz1YJNPDCZ49O3X9/GmLNmLc:jUEz1kNPDk49O3X9/r

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	d2c433f758a678c4
VISUAL aHash	6466666666666664
VISUAL dHash	cccccccccccccccc
VISUAL wHash	6646467676666666
VISUAL colorHash	07400038000
VISUAL cropResistant	cccccccccccccccc,6460646464686460

Análise de Código

Risk Score 100/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer

Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Não especificado
• Método: Imitação através de uma página semelhante.
• Exfil: Bot do Telegram (8005531574:AAEfPknbFgolkF67VC1fSJUSD7LWnGZRUMA) .
• Indicadores: Hospedagem gratuita, logotipo da marca.
• Risco: Alto

🔒 Obfuscation Detected

document.write

🎯 Kit Endpoints

https://zimbra.xmission.com/zimbra/css/common,login,zhtml,skin.css?skin=harmony&v=250124052454

📡 API Calls Detected

https://ipapi.co/json/

🔑 Telegram Bot Tokens (1)

8005531574:AAEf...WnGZRUMA

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Free Hosting

The site is hosted on a free hosting platform (vercel.app) which is a common indicator of phishing.

Brand Impersonation

The site uses a brand logo without the proper domain name.

Suspicious Content

Repeating 'FAKE' text in the background, indicates a malicious intent.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Two-Factor Authentication Stealer

Alvo

General public

Método de Ataque

credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

Telegram Bot (8005531574:AAEfPknbF...)

Avaliação de Risco

CRITICAL - Automated credential harvesting with Telegram Bot (8005531574:AAEfPknbF...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester, OTP Stealer
2 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

XMISSION

Fake Service

Unknown

⚔️ Metodologia de Ataque

Primary Method: Brand Impersonation

The attacker is trying to impersonate a brand (XMISSION) to deceive victims into providing sensitive information. This is done by hosting a site on a free hosting service with a misleading domain and brand elements, like a logo.