Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://docusign-file.fyi/review
Detected Brand
DocuSign
Country
International
Confidence
100%
HTTP Status
200
Report ID
3fe72692-36c…
Analyzed
2026-03-05 07:26
Final URL (after redirects)
https://ipfs.io/ipfs/bafybeify7bfw7m2dfnjqzyonaig5fdpaykbrelb3dk6oge2qp5yeeqpvtq/
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AE211530B049D81B4662C2C4F7F0A50B3F81C3D9D7482D1576DFA6AA1EF6D59EC1A0D5 |
|
CONTENT
ssdeep
|
12:hRwMy7FU5GKNJdoRG7wv9Tv6qqET7ADAtJD1G7BzAewPrikkWCFwo7Qa59SCIUeY:hR/CCdo9v9zdnh7DmKvUuTj6vOPwyoTp |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dc2fa7e2d89ca2c0 |
|
VISUAL
aHash
|
ff000018d8e0f8ff |
|
VISUAL
dHash
|
63636232b2a92064 |
|
VISUAL
wHash
|
ff000018d8f0fcff |
|
VISUAL
colorHash
|
1e007000000 |
|
VISUAL
cropResistant
|
31a1232363636363,ae820baa8eccceb2,4c4c080c0c0c1818,63633232b2ab2060 |
Análisis de Código
Risk Score
65/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de DocuSign
• Método: Suplantación de identidad a través de un dominio sospechoso y un botón de llamada a la acción.
• Exfil: Desconocido, probablemente robo de credenciales o descarga de malware.
• Indicadores: Discordancia de dominio, botón de llamada a la acción, solicitud de verificación.
• Riesgo: Alto
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain does not match the legitimate DocuSign domain.
Phishing Keywords and Tactics
The page uses a call to action button, a common phishing tactic.
Suspicious domain extension
The use of .fyi is unusual for a document portal
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Two-Factor Authentication Stealer
Objetivo
DocuSign users (International)
Método de Ataque
Brand impersonation
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer
🏢 Análisis de Suplantación de Marca
Impersonated Brand
DocuSign
Official Website
https://www.docusign.com
Fake Service
DocuSign Secure Document Portal
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting / Malware Delivery
The attacker aims to steal user credentials. After clicking the 'View File' button, the user will likely be redirected to a page that attempts to steal credentials through a login form or install malware on the users system.
Secondary Method: Spear Phishing
The email containing the link has likely been sent in bulk, targeting DocuSign users. It may contain personalized information to increase its chance of success.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
docusign-file.fyi
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for docusign-file.fyi
Found 2 other scans for this domain
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.