SafeMode - Analysis: channelhub.online

Captura Visual

Información de Detección

https://channelhub.online/ie0898b1b6992a4e4btb42b5e12j0fa4fce8.html

Detected Brand

Microsoft

Country

International

Confianza

95%

HTTP Status

200

Report ID

d9d8f65d-c8c…

Analyzed

2026-01-25 18:13

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T106D100316040AD3712D3D6D8B3B56B1B3384C205DE8757AA97E8C39E4EFBE61CC19292
CONTENT ssdeep	96:qvWFAzQgIeu0nPK/AmvUAK5KbdPs/l+veRzKDafEAD9NltZdSsTZS4W5QQOGAM2B:3gI0/lnRWDeZ9NVhW5UEIf

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	9c497326cc99d966
VISUAL aHash	180018181d1f1f9f
VISUAL dHash	7161713325727d38
VISUAL wHash	191818181f1f1fff
VISUAL colorHash	07000000180
VISUAL cropResistant	7161713325727d38

Análisis de Código

Risk Score 63/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Amenaza: Kit de phishing para robo de credenciales
• Objetivo: Usuarios de Microsoft a nivel global
• Método: Formulario falso que roba credenciales de email, teléfono o Skype
• Exfil: Posible exfiltración de datos mediante JavaScript ofuscado
• Indicadores: Dominio no relacionado, discrepancia de dominio, formulario de phishing
• Riesgo: ALTO - Robo inmediato de credenciales

🔒 Obfuscation Detected

atob

📊 Desglose de Puntuación de Riesgo

Total Risk Score

85/100

Contributing Factors

Active Phishing Kit

Detected Credential Harvester kit targeting Microsoft credentials with form fields for email, phone, or Skype.

Brand Impersonation

Impersonates Microsoft, a high-value target for credential harvesting and account takeover.

Obfuscation Techniques

Detected 1 obfuscation technique, indicating attempts to evade detection.

Lack of External Services

No Telegram bots, Discord webhooks, or WebSocket URLs detected, reducing immediate exfiltration risk but not eliminating it.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Credential Theft (Fake Microsoft Login)

Objetivo

Microsoft users (International)

Canal de Exfiltración

N/A (Landing page - no direct data collection)

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Microsoft

Official Website

https://www.microsoft.com

Fake Service

Microsoft account login verification

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The phishing kit presents a fake Microsoft login page to capture user credentials (email, phone, or Skype) via a form submission. The harvested data is likely transmitted to a backend server controlled by the attacker for immediate use or sale.

Secondary Method: Account Takeover

Once credentials are harvested, attackers can gain unauthorized access to Microsoft accounts, enabling further exploitation such as data theft, financial fraud, or lateral movement within corporate networks.