Phishing Analysis

🔬 Threat Analysis Report

• Threat: Impersonation
• Target: Microsoft users
• Method: Domain spoofing
• Exfil: Document.write, atob, fromCharCode
• Indicators: Unrelated domain, form requesting credentials.
• Risk: High

🔒 Obfuscation Detected

• atob
• fromCharCode
• document.write
• base64_strings

🎯 Kit Endpoints

• https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10

📡 API Calls Detected

• GET

Domain Information