Phishing Analysis
Detailed analysis of captured phishing page
Captura Visual
Informações de Detecção
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6yw4awvuiffm3gyd5nzdi/
Detected Brand
Microsoft
Country
International
Confiança
100%
HTTP Status
200
Report ID
78ec7a99-cea…
Analyzed
2026-02-27 06:17
Hashes de Conteúdo (Similaridade HTML)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T146C13031A000DD2B03C2D7E8A6BAB70B7355C349D6435A565BF8C38D5EE3EA5CC26261 |
|
CONTENT
ssdeep
|
96:n9eFWPJYKP06hiXlAm3JRy6wgsrs2dRd8ujsiMf/PzeQMvuQ6w60nQJvi:8Q0XymZy6HicnzeDuQ6B0QJvi |
Hashes Visuais (Similaridade de Captura)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c4b7326d899cce4 |
|
VISUAL
aHash
|
180018181d1f0f9f |
|
VISUAL
dHash
|
7161713331357938 |
|
VISUAL
wHash
|
191818181f1f1fff |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
7161713331357938 |
Análise de Código
Risk Score
79/100
Nível de Ameaça
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Personal Info
🔬 Threat Analysis Report
• Ameaça: Phishing
• Alvo: Usuários da Microsoft
• Método: Impersonação
• Exfil: Provavelmente rouba credenciais
• Indicadores: Domínio não relacionado, formulário solicitando senha
• Risco: Alto
🔒 Obfuscation Detected
- atob
- fromCharCode
- base64_strings
🎯 Kit Endpoints
- https://passwordreset.microsoftonline.com/?ru=https%3a%2f%2flogin.microsoftonline.com%2fcommon%2freprocess%3fctx%3drQIIAYWSu4vTAADGm_au1zvQO0VEEeQGBxXS5tU8Kg49m0uba5LWJO0lgyVt0jyaV9u0aTIdTo43OdwkIg4nLk4iiDffdIuLoyCIgxxOiou9v8Dlgw9-fMv321jDi2QRKkL3c3ARrtzBUKysEX0KpDQcBTEKhkANQ3AQLaM4ikCwXobQydWNrQP6258nN7_Sr3efvnn1-fzvMXDbiqJwWimV4jguBsOhPTCKg8AruZqv2775HgDOAOA7ABxlVw0flMXj7BRHCRzFSJzCcQzBYAinigrCJbzE2mqXjlSmjSgJBPEevWhKZswz7YhH5ITzOJj3VFeoWY66ZHlGhjlmyTs0xj1a8qluNbuspUijiPd4m5eqsSApy53O6Et2U6jOIgu5iGBip8av7PowmHi9MJhGR7nn2YlpRA1nFOm2WWtFCian7LSh2qbLNxGQjOtE0yL0RJtbLT1g91TIjljHpgYttGeIC7_pDQfueMF1zJDSGMVE6WqDEXFWwtvKUBLS_VQQSXjIk464GzHJqDkLU6xOmi5EJCEqzOmpk87mCYmEYrutN4ZUn9ujPTcZDagIdvpwYKhpDZwlrTFIWb3I1H1kZIug2yCEMcu0SEXq-QuC1z153JrLUoDAEYjUFTFs99vYXOt03J2eXN-btYxJzbGZVNUbEJ4ws2RB7ldHeNmtph6PonKP6gwm83A6ZQPJEbvxu1x-eaYX-Ke5y0Fo-La-HU6Coe0aZyvAj5XrhfxW4UZmO3P3GpSrFAobW5mL9nsFeLm6tEU-qDz4ufmRfvvi3q2TT4eZ09VSXVW7jiA1-qQSsIsBYcCxxPnCTuQmlkSNISTAm_N-jdEI7CFcgQ_zwGE-f5q_0qj1eFoSpSpfqz6uIT3oPA88W8t8WP-PfyeXMv8A0&mkt=en-US&hosted=0&device_platform=Windows+10
📡 API Calls Detected
- GET
📊 Detalhamento da Pontuação de Risco
Total Risk Score
90/100
Contributing Factors
Domain mismatch and branding
The domain is not a legitimate Microsoft domain.
Forms requesting sensitive data
The form asks for a password, which is highly sensitive information.
Obfuscation Detected
Code obfuscation is a technique used to hide the malicious actions of a script
🔬 Análise Integral de Ameaças
Tipo de Ameaça
Two-Factor Authentication Stealer
Alvo
Microsoft users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltração
Form submission (backend endpoint not detected - likely JavaScript-based)
Avaliação de Risco
HIGH - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)
⚠️ Indicators of Compromise
- Kit types: Credential Harvester, OTP Stealer, Personal Info
- 6 obfuscation techniques
🏢 Análise de Falsificação de Marca
Impersonated Brand
Microsoft
Official Website
null
Fake Service
Microsoft account login
⚔️ Metodologia de Ataque
Primary Method: Credential Harvesting
The attacker attempts to steal user credentials (username/password) by presenting a fake login form that mimics a legitimate service (Microsoft). Once the user enters their credentials, the attacker can use them to access the victim's account.
Secondary Method: Data Exfiltration
The entered credentials, along with any other potentially harvested information, are sent to the attacker's server.
🌐 Indicadores de Compromisso de Infraestrutura
Domain Information
Domínio
ipfs.io
Registered
2014-05-16
Registrar
Namecheap, Inc.
Estado
Active
🤖 AI-Extracted Threat Intelligence
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Microsoft
https://secure-index-editor--zakariabritanni.replit.app/?nap...
Jun 03, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiefkgvcjqqmhldyurtohmulkhp3okjawn...
Mai 01, 2026
Microsoft
https://ipfs.io/ipfs/bafkreicyxx5lcva7kw2zgenize2mh3in3llzmd...
Abr 07, 2026
Microsoft
https://bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6yw4awvuiffm3g...
Fev 27, 2026
Microsoft
https://ipfs.io/ipfs/bafkreiamrnq7ksq62eeqix4zhkowtijcmi6wo6...
Fev 27, 2026
Scan History for ipfs.io
Found 10 other scans for this domain
-
https://bafybeifucnntp2tzvo2smmgd2nrz2anlih4bapzou...
https://bafybeidainj73npe2kepzldqmuwzes5stwbgtu2pb...
https://bafybeidzv5orafwm4qq7m5wdptagbyyaksssolxhe...
https://bafybeiby3jwvxj44lno5pu2qjn5ezh5mlm4fkoy4q...
https://bafybeiaz6xbudbilnb4a52kkl2ffapf7oim253s7i...
https://bafybeieqilhn5yjrdt2cs46bglcamzimrcgbfuvq3...
https://bafkreidpy5pr2m6yvnk6v7ry7tu5lydi2rkd5reft...
https://bafybeih4lunv4ykv3qnx3n4c2c3d3gl5vlonz34ui...
http://ipfs.io/ipfs/bafybeibo7ht7ythkoucqnhcd4lzr5...
https://bafybeicfvmv4fni2inofzgesr4hc754scsn2zsohf...
"Nunca pensei que aconteceria comigo"
Isso dizem os 2,3 milhões de vítimas a cada ano. Não espere para ser uma estatística.