Phishing Analysis

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing targeting Microsoft users
• Target: Users of Microsoft services
• Method: Fake Microsoft sign-in page asking to complete a security check
• Exfil: Likely a JavaScript form submission that sends data to an external source (likely controlled by the attacker)
• Indicators: Unofficial r2.dev domain, Microsoft branding, request for security check, obfuscated JavaScript.
• Risk: HIGH - The site tries to steal Microsoft credentials.

🔒 Obfuscation Detected

• atob
• eval
• fromCharCode
• unicode_escape
• base64_strings

📡 API Calls Detected

• ${TW}