Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://sapafugesu.z38.web.core.windows.net/
Detected Brand
Microsoft Windows
Country
International
Confidence
100%
HTTP Status
200
Report ID
3d44a351-8e3…
Analyzed
2026-03-14 02:39
Final URL (after redirects)
https://sapafugesu.z38.web.core.windows.net/j8qb90gdp3cm.html
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CA73C039B2407E36010A43C5EFA28B6B7356C748DE561F48026CC77AADEFD68EC5259C |
|
CONTENT
ssdeep
|
1536:qpHmQjIE+8xY13QnN04Fmadph7XiE/XRL+fmHxdgRJ2YedsV2:qpHmQjIDcw3aN08dnDgRJcsE |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cbd33c33762c5522 |
|
VISUAL
aHash
|
283c3c3c3c3c0101 |
|
VISUAL
dHash
|
c9c9e9e1c9c9b3fb |
|
VISUAL
wHash
|
3c7c7c7c7c7c0301 |
|
VISUAL
colorHash
|
07000000183 |
|
VISUAL
cropResistant
|
939bc6ccc3139b93,a0aa8696aaa28acc,c9c9e9e1c9c9b3fb,815e8e86314ec0e0,b9b947981a1a180a |
Análise de Código
Risk Score
85/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Card Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Golpe de phishing.
• Alvo: Usuários do Windows.
• Método: Exibindo um alerta de segurança falso e incentivando a vítima a ligar para um número de suporte falso.
• Exfil: Número de telefone para possível engenharia social e roubo de credenciais.
• Indicadores: Incompatibilidade de domínio, alertas urgentes, número de telefone, Javascript ofuscado.
• Risco: Crítico.
🔒 Obfuscation Detected
- atob
- fromCharCode
- unescape
- document.write
- unicode_escape
- base64_strings
📊 Detalhamento da Pontuação de Risco
Total Risk Score
95/100
Contributing Factors
Domain Mismatch
The domain 'sapafugesu.z38.web.core.windows.net' is unrelated to the brand.
Impersonation
The site mimics Windows Security to create a sense of urgency.
Phishing Indicators
Presence of urgent warnings, a phone number and instructions.
Obfuscation
Obfuscation of javascript can be used to hide malicious code
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Banking Credential Harvester
Alvo
Microsoft Windows users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Card Stealer, Personal Info
- 30 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
Microsoft Windows
Official Website
https://www.microsoft.com/en-us/windows
Fake Service
Windows Security
Fraudulent Claims
⚔️ Metodologia de Ataque
Primary Method: Tech Support Scam
The site displays a fake security alert designed to impersonate Microsoft and scare users into calling a provided phone number.
Secondary Method: Social Engineering
The attackers likely attempt to trick victims into providing personal information, granting remote access, or paying for fraudulent services.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domain
sapafugesu.z38.web.core.windows.net
Registered
None
Registrar
None
Status
None
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.