SafeMode - Analysis: microsoft.userid-81d.ws

Visual Capture

Detection Info

http://microsoft.userid-81d.ws/subscription/SrpSCDTXjtNrJ-hGL6uA1v0SZTuIYJ4i6V0M=/s6ilczhEd9xe_ivghPGW-Utw1rMKWYzP?is_automation=undefined

Detected Brand

Phriendly Phishing

Country

International

Confidence

100%

HTTP Status

200

Report ID

020ac0dd-1af…

Analyzed

2025-12-25 01:40

Final URL (after redirects)

https://training.phriendlyphishing.com/landing_pages/simulated_phishing_page/story.html

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T17423A622250430A0940751C4B2E78F8FE1E7F3E3D6861CC5B9D6DE9EA6AFCA589D4247
CONTENT ssdeep	384:zHizWioXZaFDC2d7W9ZpoKMZ9MZsYUAP2pZCBq:zCzWi4UFDd7O7ooPnw

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	a95e7882dfa0862f
VISUAL aHash	000000ffffffc300
VISUAL dHash	3231cc8a5ac5973b
VISUAL wHash	000024ffffffc300

Code Analysis

Risk Score 100/100

Threat Level CRITICAL

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Phishing simulation bypass attempt
• Target: Users of Phriendly Phishing training program
• Method: Attempt to access the simulated phishing training via unofficial domain, thus potentially bypassing the training
• Exfil: None (This is an attempt to bypass training, not exfiltrate data)
• Indicators: Domain name mismatch, non-official domain, potential bypass of phishing simulation training
• Risk: HIGH - Indicates user behavior not aligned with security training. Could lead to real phishing compromises