{"root_cid":"bafybeiaq62jlz4aervx3h7tjly3gsrithlqk4kkj5nrojp4llriesk4dbq","model":"openai/gpt-5.4-mini","analyzed_at":"2026-05-01T04:02:10.210Z","result":{"schema_version":1,"category":"Identity","category_confidence":0.99,"summary":"A phishing-style identity capture flow masquerading as Microsoft Office 365 and a judicial notice, collecting login details and posting them to an external Google Apps Script endpoint.","signals":["analysis-context.latest_probe.title is \"Wait...\" and points to \"/ipfs/bafybeiaq62jlz4aervx3h7tjly3gsrithlqk4kkj5nrojp4llriesk4dbq/index.html\".","root/index.html contains the modal text \"Microsoft Office 365 no está instalado en este dispositivo para poder abrir y visualizar el documento PDF o descargarlo, autorice a Microsoft como aplicación para la visualización del documento.\"","root/index.html includes Open Graph text \"Notificación Judicial - Paz y Salvo\" and \"Confirme su usuario para acceder a tu Paz y Salvo en PDF.\".","root/index_logon.html is styled as a Microsoft365 sign-in page with the title \"Continuar Microsoft365\" and a password field UI.","root/index.js defines \"SHEET_WEBAPP_URL\" as a Google Apps Script endpoint and posts \"nombre, cedula, usuario, clave\" via fetch before redirecting to \"index1.html?descargar=1\".","root/index1.html is titled \"DGI - NOTIFICACIÓN\" and appears to present the final certificate/notification page in the flow."],"quality":{"tier":"low","score":0.22,"is_substantive":true,"is_redirect_only":false,"is_placeholder":false,"rationale":"The site has a complete multi-page flow, but it is a thin cloned credential-harvesting experience with little legitimate content or original utility."},"security":{"risk":"high","risk_score":0.99,"threat_type":"brand_impersonation","safe_to_list":false,"findings":[{"type":"brand_impersonation","severity":"high","confidence":0.99,"evidence":"root/index.html says \"Microsoft Office 365 no está instalado en este dispositivo\" and root/index_logon.html is titled \"Continuar Microsoft365\".","file":"root/index.html"},{"type":"phishing_language","severity":"high","confidence":0.97,"evidence":"root/index.html and root/indexp.html use the lure \"Notificación Judicial - Paz y Salvo\" and \"Confirme su usuario para acceder a tu Paz y Salvo en PDF.\"","file":"root/index.html"},{"type":"other","severity":"high","confidence":0.98,"evidence":"root/index.js sets \"SHEET_WEBAPP_URL\" to a Google Apps Script URL and sends \"nombre, cedula, usuario, clave\" with fetch before redirecting.","file":"root/index.js"}]},"files_reviewed":["analysis-context.json","root/index.html","root/index.js","root/index_logon.html","root/index1.html","root/indexp.html","root/images_login"]}}