Detects the landing page of a Spanish-speaking phishing kit targeting Microsoft with two stages.
The first stage is a landing page with a "Start the corresponding verification process" message, on the second stage the user is asked to enter their credentials. The stages switch using a redirect through an anchor.
The detection of this tiny HTML page is based on the fact that the attacker thought it's a good idea to use special characters for their asset URLs.
Found as a result of this kit being deployed on Replit.