EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of fraudoptix.com

Información de Detección

https://fraudoptix.com/vi22fe02226/792e0bff658f2ae7fbbaa7c2/index.php?id=40c92f7aa24713d87e3a9a66c2be7f13
Detected Brand
Microsoft
Country
International
Confianza
100%
HTTP Status
200
Report ID
6b1c966f-df8…
Analyzed
2026-06-19 22:14

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T10281A551906C1F3762438498F5A13F4B17E846C98702AF1CEFB854AD9ECBF64D92218A
CONTENT ssdeep
96:PxhBeVL48Ydfzuv5y38TNuzduhkD1zkLYdwdDd/VkL93ah4:PRe6dfzuwzUX4

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
989cc9336763d64c
VISUAL aHash
ffff1e0000000000
VISUAL dHash
f0f0f070f8f8d86a
VISUAL wHash
ffff7f08000000ff
VISUAL colorHash
13c00010000
VISUAL cropResistant
30e0e4e4e4e4c0c4,0048732a49080000,f0f0f070f8f9d86a

Análisis de Código

Risk Score 77/100
Nivel de Amenaza MEDIO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 Banking

🔬 Threat Analysis Report

• Amenaza: Robo de credenciales
• Objetivo: Usuarios de Microsoft
• Método: Suplantación de identidad mediante portal de inicio de sesión
• Exfil: index.php
• Indicadores: JS ofuscado, dominio no coincidente
• Riesgo: Medio (Simulado/Entrenamiento)

🔐 Credential Harvesting Forms

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • base64_strings

📤 Form Action Targets

  • index.php

📊 Desglose de Puntuación de Riesgo

Total Risk Score
65/100

Contributing Factors

Obfuscated Code
Use of atob/unescape for form logic.
Brand Impersonation
Microsoft login page on external domain.
Disclaimer present
Page explicitly identifies as training simulation.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
Microsoft users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
HTTP POST to backend
Evaluación de Riesgo
HIGH - Automated credential harvesting with HTTP POST to backend

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, Banking
  • 36 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
Microsoft
Official Website
https://www.microsoft.com
Fake Service
Microsoft 365 / Account Login

Fraudulent Claims

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The site mimics a legitimate Microsoft login portal to capture credentials input by the user.

Secondary Method: Obfuscated Redirection

Uses encoded JavaScript to obfuscate the form processing script.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
fraudoptix.com
Registered
2007-09-25
Registrar
Unknown
Estado
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Microsoft
https://365-notifcation.com/93132a08184/0e7994f46ef77d17999e...
Jun 08, 2026
 Screenshot
Microsoft
https://365-notifcation.com/93132a08184/0e7994f46ef77d17999e...
Feb 17, 2026
No screenshot
Unknown
https://365-notifcation.com/93132a08184/0e7994f46ef77d17999e...
Dic 26, 2025
😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.