EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of rayutucon.z5.web.core.windows.net

Información de Detección

https://rayutucon.z5.web.core.windows.net/
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
3b95c273-ab6…
Analyzed
2026-03-14 23:26
Final URL (after redirects)
https://rayutucon.z5.web.core.windows.net/phw2eo3ofkw8.html

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T13463BF35B2446D37016792C9FA619B5E0331D788CA461F8812ACC37B7DDFA68E81A1FD
CONTENT ssdeep
1536:8cR2ZYvpo/0gH7drGm5JgKAn4j2lJNbqWns1:8cRhC/jbdrGqAzlHs1

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
cbd33c33762c5522
VISUAL aHash
383c3c3c3c3c0101
VISUAL dHash
c9c9e9e1c9c9b3eb
VISUAL wHash
3c7c7c7c7c7c0301
VISUAL colorHash
07000018180
VISUAL cropResistant
9b9bc48e93119b92,b2ac86d6aa32ea8a,c9c9e9e1c9c9b3eb,423ce4e42c43141c,debc491a1a2a1a1a

Análisis de Código

Risk Score 97/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 OTP Stealer 🎣 Card Stealer 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Estafa de phishing
• Objetivo: Usuarios de Microsoft
• Método: Suplantación de identidad mediante ventana emergente
• Exfil: Número de teléfono
• Indicadores: Advertencia urgente, número de teléfono, Javascript ofuscado
• Riesgo: Alto

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • document.write
  • unicode_escape
  • base64_strings

📊 Desglose de Puntuación de Riesgo

Total Risk Score
90/100

Contributing Factors

Mismatched Domain
The domain does not belong to Microsoft.
Urgent Security Warning
The page uses an urgent security warning to pressure the user.
Phone Number Contact
The page displays a phone number for support, a common tactic in phishing scams.
Obfuscated Code
The website employs code obfuscation, which is used to hide malicious code from detection.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
Microsoft users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: OTP Stealer, Card Stealer, Personal Info
  • 29 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Microsoft
Official Website
null
Fake Service
Microsoft Defender

Fraudulent Claims

⚔️ Metodología de Ataque

Primary Method: Impersonation

The site impersonates Microsoft Defender, displaying a fake security warning to deceive users.

Secondary Method: Social Engineering

The scam uses fear and urgency to prompt users to call a provided phone number.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Domain
rayutucon.z5.web.core.windows.net
Registered
1995-08-10
Registrar
Name.com, Inc.
Status
ACTIVE

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Microsoft
https://cumegagud.z20.web.core.windows.net/
Abr 06, 2026
 Screenshot
Microsoft Windows
https://sapafugesu.z38.web.core.windows.net/
Mar 14, 2026
 Screenshot
Microsoft
https://lulelucov.z36.web.core.windows.net/
Mar 09, 2026
 Screenshot
Microsoft
https://reuaziwh.z33.web.core.windows.net/
Ene 04, 2026
😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.