EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

No screenshot available

Informações de Detecção

http://www.public-xi-lemon.vercel.app/
Detected Brand
Unknown
Country
International
Confidence
100%
HTTP Status
200
Report ID
7b3d0210-06c…
Analyzed
2026-02-11 12:02
Final URL (after redirects)
https://public-xi-lemon.vercel.app/

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T11181831241109C334983D5E426A5AB5B32888779C603590DF7F8876E2AE3CD8CF6B669
CONTENT ssdeep
96:4S2sUjd42eUEz1YJNPDCZ49O3X9/GmLNmLc:jUEz1kNPDk49O3X9/r

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
d2c433f758a678c4
VISUAL aHash
6466666666666664
VISUAL dHash
cccccccccccccccc
VISUAL wHash
6646467676666666
VISUAL colorHash
07400038000
VISUAL cropResistant
cccccccccccccccc,6460646464686460

Análise de Código

Risk Score 100/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer
Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Não especificado
• Método: Obfuscação e conteúdo falso em hospedagem gratuita.
• Exfil: Bot do Telegram (8005531574:AAEfPknbFgolkF67VC1fSJUSD7LWnGZRUMA)
• Indicadores: Hospedagem gratuita, logotipo da marca em página suspeita, ofuscação.
• Risco: Alto

🔒 Obfuscation Detected

  • document.write

🎯 Kit Endpoints

  • https://zimbra.xmission.com/zimbra/css/common,login,zhtml,skin.css?skin=harmony&v=250124052454

📡 API Calls Detected

  • https://ipapi.co/json/

🔑 Telegram Bot Tokens (1)

  • 8005531574:AAEf...WnGZRUMA

📊 Detalhamento da Pontuação de Risco

Total Risk Score
90/100

Contributing Factors

Free Hosting
The site uses free hosting, a common indicator of phishing.
Suspicious Content
The presence of repeating 'FAKE' text and an overlaid logo indicates malicious intent.
Obfuscation
Obfuscated code detected indicating an attempt to hide malicious functionality.

🔬 Análise Integral de Ameaças

Tipo de Ameaça
Two-Factor Authentication Stealer
Alvo
General public
Método de Ataque
credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Telegram Bot (8005531574:AAEfPknbF...)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Telegram Bot (8005531574:AAEfPknbF...)

⚠️ Indicators of Compromise

  • 1 Telegram bot token(s)
  • Kit types: Credential Harvester, OTP Stealer
  • 2 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand
XMISSION
Fake Service
Unknown

⚔️ Metodologia de Ataque

Primary Method: Phishing with obfuscated content

The attacker uses a free hosting service to host a malicious page containing obfuscated code designed to steal information. The use of repeating 'FAKE' text and an overlayed logo is intended to distract the user.

Secondary Method: Telegram exfiltration

The site likely uses JavaScript to collect user information and then exfiltrates it through a Telegram bot.

📡 Infraestrutura de Comando e Controle Telegram

Bot Token (Masked)
8005531574:AAEf...WnGZRUMA
Bot ID
8005531574
Group/Chat ID
Unknown
Operator Language
Unknown

💬 Message Templates (3)

ID Portuguese English Trigger

🌐 Indicadores de Compromisso de Infraestrutura

Domain Information

Domain
www.public-xi-lemon.vercel.app
Registered
None
Registrar
None
Status
None

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

No screenshot
Unknown
http://www.public-xi-lemon.vercel.app
Fev 19, 2026
 Screenshot
XMISSION
https://www.public-xi-lemon.vercel.app
Jan 07, 2026
 Screenshot
XMission
http://public-xi-lemon.vercel.app
Dez 25, 2025
 Screenshot
XMission
http://public-xi-lemon.vercel.app/
Dez 21, 2025

Scan History for www.public-xi-lemon.vercel.app

Found 3 other scans for this domain

😰
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.