Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://ipfs.io/ipfs/bafkreiclpeo3f2fqma2osalepnknn4wusqh735xug3fh6jpxuvr43i766u
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
3088cddc-760…
Analyzed
2026-02-03 00:01
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T137C11F31A000DD2B03C2D6E8A6BAB70B7355C309DA435A566BF8C38D5EE3EA5CC25261 |
|
CONTENT
ssdeep
|
96:n9eFWPJYK706ASOXlAm3Jty62gsrs2dRd8ujsiMf/PzeQM3uQrT60nQZvm:8qEXymZo6HicnzeTuQq0QZvm |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c4b7326d899cce4 |
|
VISUAL
aHash
|
180018181d1f0f9f |
|
VISUAL
dHash
|
7161713331357938 |
|
VISUAL
wHash
|
191818181f1f1fff |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
7161713331357938 |
Análisis de Código
Risk Score
82/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Suplantación de identidad
• Objetivo: Usuarios de Microsoft
• Método: Suplantación de dominio
• Exfil: document.write, atob, fromCharCode
• Indicadores: Dominio no relacionado, formulario solicitando credenciales.
• Riesgo: Alto
🔒 Obfuscation Detected
- atob
- fromCharCode
- document.write
- base64_strings
🎯 Kit Endpoints
- https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10
📡 API Calls Detected
- GET
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain unrelated to Brand
The domain `ipfs.io` is not related to Microsoft.
Obfuscation
Obfuscation techniques (atob, fromCharCode, document.write) are detected, making the script analysis harder.
Form Asking Credentials
The page contains a form that requests a password.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Two-Factor Authentication Stealer
Objetivo
Microsoft users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 11 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Microsoft
Official Website
https://www.microsoft.com
Fake Service
Microsoft account login
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker is attempting to steal user credentials by creating a fake login page that mimics Microsoft's login process.
Secondary Method: Social Engineering
The attacker relies on social engineering techniques to trick users into entering their login credentials.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
ipfs.io
Registered
2014-05-16
Registrar
Unknown
Status
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Microsoft
https://ipfs.io/ipfs/bafkreicyxx5lcva7kw2zgenize2mh3in3llzmd...
Abr 07, 2026
Microsoft
https://bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6yw4awvuiffm3g...
Feb 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6...
Feb 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6...
Feb 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreihepzgltwylwmrklub4zkjk4saxdwpkrb...
Feb 10, 2026
Scan History for ipfs.io
Found 10 other scans for this domain
-
https://bafybeifucnntp2tzvo2smmgd2nrz2anlih4bapzou...
https://bafybeidainj73npe2kepzldqmuwzes5stwbgtu2pb...
https://bafybeidzv5orafwm4qq7m5wdptagbyyaksssolxhe...
https://bafybeiby3jwvxj44lno5pu2qjn5ezh5mlm4fkoy4q...
https://bafybeiaz6xbudbilnb4a52kkl2ffapf7oim253s7i...
https://bafybeieqilhn5yjrdt2cs46bglcamzimrcgbfuvq3...
https://bafkreidpy5pr2m6yvnk6v7ry7tu5lydi2rkd5reft...
https://bafybeih4lunv4ykv3qnx3n4c2c3d3gl5vlonz34ui...
http://ipfs.io/ipfs/bafybeibo7ht7ythkoucqnhcd4lzr5...
https://bafybeicfvmv4fni2inofzgesr4hc754scsn2zsohf...
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.