Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://ipfs.io/ipfs/bafkreiclpeo3f2fqma2osalepnknn4wusqh735xug3fh6jpxuvr43i766u
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
3088cddc-760…
Analyzed
2026-02-03 00:01
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T137C11F31A000DD2B03C2D6E8A6BAB70B7355C309DA435A566BF8C38D5EE3EA5CC25261 |
|
CONTENT
ssdeep
|
96:n9eFWPJYK706ASOXlAm3Jty62gsrs2dRd8ujsiMf/PzeQM3uQrT60nQZvm:8qEXymZo6HicnzeTuQq0QZvm |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c4b7326d899cce4 |
|
VISUAL
aHash
|
180018181d1f0f9f |
|
VISUAL
dHash
|
7161713331357938 |
|
VISUAL
wHash
|
191818181f1f1fff |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
7161713331357938 |
Análise de Código
Risk Score
82/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Falsificação
• Alvo: Usuários da Microsoft
• Método: Falsificação de domínio
• Exfil: document.write, atob, fromCharCode
• Indicadores: Domínio não relacionado, formulário solicitando credenciais.
• Risco: Alto
🔒 Obfuscation Detected
- atob
- fromCharCode
- document.write
- base64_strings
🎯 Kit Endpoints
- https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10
📡 API Calls Detected
- GET
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Domain unrelated to Brand
The domain `ipfs.io` is not related to Microsoft.
Obfuscation
Obfuscation techniques (atob, fromCharCode, document.write) are detected, making the script analysis harder.
Form Asking Credentials
The page contains a form that requests a password.
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Two-Factor Authentication Stealer
Alvo
Microsoft users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 11 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
Microsoft
Official Website
https://www.microsoft.com
Fake Service
Microsoft account login
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The attacker is attempting to steal user credentials by creating a fake login page that mimics Microsoft's login process.
Secondary Method: Social Engineering
The attacker relies on social engineering techniques to trick users into entering their login credentials.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domain
ipfs.io
Registered
2014-05-16
Registrar
Unknown
Status
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Microsoft
https://ipfs.io/ipfs/bafkreicyxx5lcva7kw2zgenize2mh3in3llzmd...
Abr 07, 2026
Microsoft
https://bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6yw4awvuiffm3g...
Fev 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6...
Fev 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6...
Fev 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreihepzgltwylwmrklub4zkjk4saxdwpkrb...
Fev 10, 2026
Scan History for ipfs.io
Found 10 other scans for this domain
-
https://bafybeifucnntp2tzvo2smmgd2nrz2anlih4bapzou...
https://bafybeidainj73npe2kepzldqmuwzes5stwbgtu2pb...
https://bafybeidzv5orafwm4qq7m5wdptagbyyaksssolxhe...
https://bafybeiby3jwvxj44lno5pu2qjn5ezh5mlm4fkoy4q...
https://bafybeiaz6xbudbilnb4a52kkl2ffapf7oim253s7i...
https://bafybeieqilhn5yjrdt2cs46bglcamzimrcgbfuvq3...
https://bafkreidpy5pr2m6yvnk6v7ry7tu5lydi2rkd5reft...
https://bafybeih4lunv4ykv3qnx3n4c2c3d3gl5vlonz34ui...
http://ipfs.io/ipfs/bafybeibo7ht7ythkoucqnhcd4lzr5...
https://bafybeicfvmv4fni2inofzgesr4hc754scsn2zsohf...
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.