Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://ipfs.io/ipfs/bafkreid3urbc3qfzmtmkc62d3lo3yqtfrrl6z6x2em3n5ayibqdyolvfoq
Detected Brand
Microsoft
Country
International
Confidence
96%
HTTP Status
200
Report ID
ed5a9ad3-7adβ¦
Analyzed
2026-02-03 11:46
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11281967160288C276583D6DCF375AF4A77854208CB935F18B6FC536E3BD9D8EE812298 |
|
CONTENT
ssdeep
|
96:nmYgMSbxJReqcRIqoHrhoJp8eT8nXQbqPQIzMcNNJStY:uV8qcyNHrhneInXBpQK/SC |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c9dc43622e34d4f3 |
|
VISUAL
aHash
|
f0f8fc9aa9490f3f |
|
VISUAL
dHash
|
e2b0b0365189d970 |
|
VISUAL
wHash
|
f0f8fc98a149053f |
|
VISUAL
colorHash
|
07042008000 |
|
VISUAL
cropResistant
|
e2b0b0365189d970 |
Code Analysis
Risk Score
81/100
Threat Level
ALTO
β οΈ Phishing Confirmed
π£ Credential Harvester
Telegram Exfiltration
π¬ Threat Analysis Report
β’ Threat: Phishing
β’ Target: Microsoft users
β’ Method: Impersonation via unrelated domain
β’ Exfil: Telegram bot tokens detected. Email/password.
β’ Indicators: Unrelated domain, forms, Microsoft branding.
β’ Risk: HIGH
π Obfuscation Detected
- atob
- fromCharCode
π Telegram Bot Tokens (1)
- 7244054853:AAGI...LU20S9CU
π¬ Telegram Chat IDs (1)
- 6282208567
π Risk Score Breakdown
Total Risk Score
90/100
Contributing Factors
Domain mismatch
The domain (ipfs.io) is unrelated to the brand (Microsoft).
Form on the page
A form is present, requesting sensitive information (email).
Javascript Obfuscation
Javascript Obfuscation techniques detected
Telegram Token Found
Telegram token is a suspicious element.
π¬ Comprehensive Threat Analysis
Threat Type
Credential Harvesting Kit
Target
Microsoft users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Telegram Bot (7244054853:AAGIgymTC...)
Risk Assessment
CRITICAL - Automated credential harvesting with Telegram Bot (7244054853:AAGIgymTC...)
β οΈ Indicators of Compromise
- 1 Telegram bot token(s)
- Kit types: Credential Harvester
- 19 obfuscation techniques
π’ Brand Impersonation Analysis
Impersonated Brand
Microsoft
Official Website
https://www.microsoft.com/
Fake Service
Microsoft account login
βοΈ Attack Methodology
Primary Method: Credential Harvesting
The attacker is attempting to steal user credentials by creating a fake Microsoft login page on a different domain. The form on this page will capture the user's email/phone and password, which the attacker can then use to access their Microsoft account.
Secondary Method: Social Engineering
The attacker may use various social engineering techniques to direct users to the fake login page, such as sending phishing emails or messages.
π‘ Telegram Command & Control Infrastructure
Bot Token (Masked)
7244054853:AAGI...LU20S9CU
Bot ID
7244054853
Group/Chat ID
6282208567
Operator Language
Unknown
π¬ Message Templates (3)
| ID | Portuguese | English | Trigger |
|---|---|---|---|
π Infrastructure Indicators of Compromise
Domain Information
Domain
ipfs.io
Registered
2014-05-16
Registrar
Namecheap, Inc.
Status
Active
π¬ JavaScript Deep Analysis
Total Code Size
26Β bytes
π Obfuscation Detected
- : None
π€ AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Microsoft
https://godisgreat1000x-hub.github.io/admin.html
Jun 14, 2026
Microsoft
https://ipfs.io/ipfs/bafkreihaivssupqnrfgsz3bgr4u2ru33ebfyl6...
Mar 23, 2026
Microsoft
https://usc1.contabostorage.com/49e32ba1adfe4deca189b7647db7...
Jan 30, 2026
Microsoft
https://hems.standard.us-east-1.oortstorages.com/11.znc
Jan 30, 2026
Microsoft
https://hems.standard.us-east-1.oortstorages.com/11.znc
Jan 25, 2026
Scan History for ipfs.io
Found 10 other scans for this domain
-
https://bafybeifucnntp2tzvo2smmgd2nrz2anlih4bapzou...
https://bafybeidainj73npe2kepzldqmuwzes5stwbgtu2pb...
https://bafybeidzv5orafwm4qq7m5wdptagbyyaksssolxhe...
https://bafybeiby3jwvxj44lno5pu2qjn5ezh5mlm4fkoy4q...
https://bafybeiaz6xbudbilnb4a52kkl2ffapf7oim253s7i...
https://bafybeieqilhn5yjrdt2cs46bglcamzimrcgbfuvq3...
https://bafkreidpy5pr2m6yvnk6v7ry7tu5lydi2rkd5reft...
https://bafybeih4lunv4ykv3qnx3n4c2c3d3gl5vlonz34ui...
http://ipfs.io/ipfs/bafybeibo7ht7ythkoucqnhcd4lzr5...
https://bafybeicfvmv4fni2inofzgesr4hc754scsn2zsohf...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.