Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Información de Detección
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6yw4awvuiffm3gyd5nzdi/
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
ff9679b5-147…
Analyzed
2026-02-27 04:42
Hashes de Contenido (Similitud HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T146C13031A000DD2B03C2D7E8A6BAB70B7355C349D6435A565BF8C38D5EE3EA5CC26261 |
|
CONTENT
ssdeep
|
96:n9eFWPJYKP06hiXlAm3JRy6wgsrs2dRd8ujsiMf/PzeQMvuQ6w60nQJvi:8Q0XymZy6HicnzeDuQ6B0QJvi |
Hashes Visuales (Similitud de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c4b7326d899cce4 |
|
VISUAL
aHash
|
180018181d1f0f9f |
|
VISUAL
dHash
|
7161713331357938 |
|
VISUAL
wHash
|
191818181f1f1fff |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
7161713331357938 |
Análisis de Código
Risk Score
79/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Amenaza: Phishing
• Objetivo: Usuarios de Microsoft
• Método: Suplantación de identidad a través de una página de inicio de sesión falsa
• Exfil: Probablemente roba credenciales
• Indicadores: Desajuste de dominio, formularios, ofuscación
• Riesgo: Alto
🔒 Obfuscation Detected
- atob
- fromCharCode
- base64_strings
🎯 Kit Endpoints
- https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10
📡 API Calls Detected
- GET
📊 Desglose de Puntuación de Riesgo
Total Risk Score
90/100
Contributing Factors
Domain Mismatch
The domain ipfs.io is not affiliated with Microsoft.
Forms and Sensitive Data Input
The page includes a form asking for a password, which is a key indicator of phishing.
Obfuscation
Javascript obfuscation used, indicating an attempt to hide malicious code
Impersonation of Brand
The page mimics the appearance of a Microsoft login page.
🔬 Análisis Integral de Amenazas
Tipo de Amenaza
Two-Factor Authentication Stealer
Objetivo
Microsoft users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 6 obfuscation techniques
🏢 Análisis de Suplantación de Marca
Impersonated Brand
Microsoft
Official Website
https://www.microsoft.com
Fake Service
Microsoft Login
⚔️ Metodología de Ataque
Primary Method: Credential Harvesting
The attacker is using a fake login form on an unrelated domain (ipfs.io) to collect Microsoft account credentials.
🌐 Indicadores de Compromiso de Infraestructura
Domain Information
Domain
ipfs.io
Registered
2014-05-16 18:34:42+00:00
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Microsoft
https://ipfs.io/ipfs/bafkreicyxx5lcva7kw2zgenize2mh3in3llzmd...
Abr 07, 2026
Microsoft
https://bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6yw4awvuiffm3g...
Feb 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6...
Feb 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreihepzgltwylwmrklub4zkjk4saxdwpkrb...
Feb 10, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiclpeo3f2fqma2osalepnknn4wusqh735...
Feb 03, 2026
Scan History for ipfs.io
Found 10 other scans for this domain
-
https://bafybeifucnntp2tzvo2smmgd2nrz2anlih4bapzou...
https://bafybeidainj73npe2kepzldqmuwzes5stwbgtu2pb...
https://bafybeidzv5orafwm4qq7m5wdptagbyyaksssolxhe...
https://bafybeiby3jwvxj44lno5pu2qjn5ezh5mlm4fkoy4q...
https://bafybeiaz6xbudbilnb4a52kkl2ffapf7oim253s7i...
https://bafybeieqilhn5yjrdt2cs46bglcamzimrcgbfuvq3...
https://bafkreidpy5pr2m6yvnk6v7ry7tu5lydi2rkd5reft...
https://bafybeih4lunv4ykv3qnx3n4c2c3d3gl5vlonz34ui...
http://ipfs.io/ipfs/bafybeibo7ht7ythkoucqnhcd4lzr5...
https://bafybeicfvmv4fni2inofzgesr4hc754scsn2zsohf...
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.