SafeMode - Analysis: app-rackspaces.vercel.app

Captura Visual

Informações de Detecção

http://app-rackspaces.vercel.app/login.html

Detected Brand

Rackspace

Country

USA

Confiança

100%

HTTP Status

200

Report ID

fe398cfa-ffd…

Analyzed

2026-03-17 17:04

Final URL (after redirects)

https://app-rackspaces.vercel.app/login.html

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T15A51237140BCBC27A743DAD0B9F59B0E6247C359CF135615A2F8839D1ADAC86CC4A369
CONTENT ssdeep	48:7NCvYcK4aFEyBoAJ78fKa9rJ2fK5107uM9OhQbgefUVbqn9BL:A2FFErU7AK8sKCuM4esw9J

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	b131c6cf99336465
VISUAL aHash	ffe3c3cfdfffffff
VISUAL dHash	20069e9990780c00
VISUAL wHash	ccccc0cc1c3c0000
VISUAL colorHash	07000030000
VISUAL cropResistant	20069e9990780c00,00430b0b0b854101

Análise de Código

Risk Score 100/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 Personal Info

Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Usuários da Rackspace
• Método: Personificação via página de login falsa.
• Exfil: Roubo de credenciais.
• Indicadores: Hospedagem gratuita, logotipo da marca, campos de formulário.
• Risco: Alto

🔒 Obfuscation Detected

fromCharCode

📡 API Calls Detected

https://ip-api.com/json/

🔑 Telegram Bot Tokens (1)

8583822853:AAEV...7aZsobKI

📊 Detalhamento da Pontuação de Risco

Total Risk Score

95/100

Contributing Factors

Free Hosting Abuse

The site is hosted on vercel.app, a free hosting service. This is a common tactic for phishing.

Brand Impersonation

The Rackspace logo is present, attempting to trick users into believing it's a legitimate site.

Credential Harvesting

The form requests sensitive information (email and password), confirming the intent to steal credentials.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Harvesting Kit

Alvo

Rackspace users (USA)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

Telegram Bot (8583822853:AAEVcirJN...)

Avaliação de Risco

CRITICAL - Automated credential harvesting with Telegram Bot (8583822853:AAEVcirJN...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester, Personal Info
2 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Rackspace

Official Website

https://www.rackspace.com/

Fake Service

Webmail Login

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker attempts to steal user credentials (email and password) by creating a fake login page that mimics the appearance of Rackspace's webmail login. Users are tricked into entering their credentials, which are then captured by the attacker.