SafeMode - Analysis: ipfs.io

Captura Visual

Información de Detección

https://ipfs.io/ipfs/bafkreid3urbc3qfzmtmkc62d3lo3yqtfrrl6z6x2em3n5ayibqdyolvfoq

Detected Brand

Microsoft

Country

International

Confianza

96%

HTTP Status

200

Report ID

ed5a9ad3-7ad…

Analyzed

2026-02-03 11:46

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11281967160288C276583D6DCF375AF4A77854208CB935F18B6FC536E3BD9D8EE812298
CONTENT ssdeep	96:nmYgMSbxJReqcRIqoHrhoJp8eT8nXQbqPQIzMcNNJStY:uV8qcyNHrhneInXBpQK/SC

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c9dc43622e34d4f3
VISUAL aHash	f0f8fc9aa9490f3f
VISUAL dHash	e2b0b0365189d970
VISUAL wHash	f0f8fc98a149053f
VISUAL colorHash	07042008000
VISUAL cropResistant	e2b0b0365189d970

Análisis de Código

Risk Score 81/100

Nivel de Amenaza ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

Telegram Exfiltration

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Usuarios de Microsoft
• Método: Impersonación a través de un dominio no relacionado
• Exfil: Se detectaron tokens de bot de Telegram. Correo electrónico/contraseña.
• Indicadores: Dominio no relacionado, formularios, marca Microsoft.
• Riesgo: ALTO

🔒 Obfuscation Detected

atob
fromCharCode

🔑 Telegram Bot Tokens (1)

7244054853:AAGI...LU20S9CU

💬 Telegram Chat IDs (1)

6282208567

📊 Desglose de Puntuación de Riesgo

Total Risk Score

90/100

Contributing Factors

Domain mismatch

The domain (ipfs.io) is unrelated to the brand (Microsoft).

Form on the page

A form is present, requesting sensitive information (email).

Javascript Obfuscation

Javascript Obfuscation techniques detected

Telegram Token Found

Telegram token is a suspicious element.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza

Credential Harvesting Kit

Objetivo

Microsoft users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltración

Telegram Bot (7244054853:AAGIgymTC...)

Evaluación de Riesgo

CRITICAL - Automated credential harvesting with Telegram Bot (7244054853:AAGIgymTC...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester
19 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand

Microsoft

Official Website

https://www.microsoft.com/

Fake Service

Microsoft account login

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker is attempting to steal user credentials by creating a fake Microsoft login page on a different domain. The form on this page will capture the user's email/phone and password, which the attacker can then use to access their Microsoft account.