SafeMode - Analysis: ipfs.io

Captura Visual

Informações de Detecção

https://ipfs.io/ipfs/bafkreid3urbc3qfzmtmkc62d3lo3yqtfrrl6z6x2em3n5ayibqdyolvfoq

Detected Brand

Microsoft

Country

International

Confiança

96%

HTTP Status

200

Report ID

ed5a9ad3-7ad…

Analyzed

2026-02-03 11:46

Hashes de Conteúdo (Similaridade HTML)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T11281967160288C276583D6DCF375AF4A77854208CB935F18B6FC536E3BD9D8EE812298
CONTENT ssdeep	96:nmYgMSbxJReqcRIqoHrhoJp8eT8nXQbqPQIzMcNNJStY:uV8qcyNHrhneInXBpQK/SC

Hashes Visuais (Similaridade de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	c9dc43622e34d4f3
VISUAL aHash	f0f8fc9aa9490f3f
VISUAL dHash	e2b0b0365189d970
VISUAL wHash	f0f8fc98a149053f
VISUAL colorHash	07042008000
VISUAL cropResistant	e2b0b0365189d970

Análise de Código

Risk Score 81/100

Nível de Ameaça ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

Telegram Exfiltration

🔬 Threat Analysis Report

• Ameaça: Phishing
• Alvo: Usuários da Microsoft
• Método: Imitação por meio de domínio não relacionado
• Exfil: Tokens de bot do Telegram detectados. E-mail/senha.
• Indicadores: Domínio não relacionado, formulários, marca Microsoft.
• Risco: ALTO

🔒 Obfuscation Detected

atob
fromCharCode

🔑 Telegram Bot Tokens (1)

7244054853:AAGI...LU20S9CU

💬 Telegram Chat IDs (1)

6282208567

📊 Detalhamento da Pontuação de Risco

Total Risk Score

90/100

Contributing Factors

Domain mismatch

The domain (ipfs.io) is unrelated to the brand (Microsoft).

Form on the page

A form is present, requesting sensitive information (email).

Javascript Obfuscation

Javascript Obfuscation techniques detected

Telegram Token Found

Telegram token is a suspicious element.

🔬 Análise Integral de Ameaças

Tipo de Ameaça

Credential Harvesting Kit

Alvo

Microsoft users (International)

Método de Ataque

Brand impersonation + credential harvesting forms + obfuscated JavaScript

Canal de Exfiltração

Telegram Bot (7244054853:AAGIgymTC...)

Avaliação de Risco

CRITICAL - Automated credential harvesting with Telegram Bot (7244054853:AAGIgymTC...)

⚠️ Indicators of Compromise

1 Telegram bot token(s)
Kit types: Credential Harvester
19 obfuscation techniques

🏢 Análise de Falsificação de Marca

Impersonated Brand

Microsoft

Official Website

https://www.microsoft.com/

Fake Service

Microsoft account login

⚔️ Metodologia de Ataque

Primary Method: Credential Harvesting

The attacker is attempting to steal user credentials by creating a fake Microsoft login page on a different domain. The form on this page will capture the user's email/phone and password, which the attacker can then use to access their Microsoft account.