SafeMode - Analysis: login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Visual Capture

Screenshot of login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Detection Info

https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/a972b02b-2e02-4381-9dda-f8c703e9d5b9/oauth2/authorize?client_id=c6d6a834-c9f1-4770-9f5a-6768dd1676fb&redirect_uri=https://brblogs.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net&response_type=code%20id_token&scope=openid%20profile%20user.read%20user.readbasic.all&state=openidconnect.authenticationproperties=j0pli0cqomjfsp43bvf2xpiyajj_alzqcrvjk-7bdxmtii_zrirfsprh98zljczpv9srkg7ukjg2qmvge_v2o0sxn65mvr27lcekoqu8zylaoc3osjsyos2mqsyu4_axiapj0n2jezq4isttyrzawuzi0zdsyiqnbf5nqlh06yytelqkibdtegunwumiblmmyhkupq_tlixqj3waj53oz7dehmetrsvrt1gllssycgu&response_mode=form_post&nonce=637784820257468311.njzhn2mymdetodkwmc00nzm5lwiwmjetnmrkowfinjywztm1yzc4ntfizjmtyzgymc00nze3lwjmnjktywi4zjawndaymzm5&x-client-sku=id_net461&x-client-ver=6.7.1.0

Detected Brand

Microsoft

Country

International

Confidence

100%

HTTP Status

200

Report ID

0dfdf1ee-766…

Analyzed

2025-12-28 20:14

Final URL (after redirects)

https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/a972b02b-2e02-4381-9dda-f8c703e9d5b9/oauth2/authorize?client_id=c6d6a834-c9f1-4770-9f5a-6768dd1676fb&redirect_uri=https://brblogs.gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net&response_type=code%20id_token&scope=openid%20profile%20user.read%20user.readbasic.all&state=openidconnect.authenticationproperties=j0pli0cqomjfsp43bvf2xpiyajj_alzqcrvjk-7bdxmtii_zrirfsprh98zljczpv9srkg7ukjg2qmvge_v2o0sxn65mvr27lcekoqu8zylaoc3osjsyos2mqsyu4_axiapj0n2jezq4isttyrzawuzi0zdsyiqnbf5nqlh06yytelqkibdtegunwumiblmmyhkupq_tlixqj3waj53oz7dehmetrsvrt1gllssycgu&response_mode=form_post&nonce=637784820257468311.njzhn2mymdetodkwmc00nzm5lwiwmjetnmrkowfinjywztm1yzc4ntfizjmtyzgymc00nze3lwjmnjktywi4zjawndaymzm5&x-client-sku=id_net461&x-client-ver=6.7.1.0&sso_reload=true

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T18792E9B0B0207D3B819BC9FEF235E9412B58E144D30B9F75E9A883CD19D6D1CE963629
CONTENT ssdeep	192:QjJqOAUHx9ZaP72eoxvb5aOLa7QodMOqFHnMwVlx9AKYccWYS5+G:pOAB72eoxrLCQuSnM6//cWh5+G

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	8459717666d95966
VISUAL aHash	0000383b37373737
VISUAL dHash	88e4d2d3e5eee6e6
VISUAL wHash	00003b3f373f3737

Code Analysis

Risk Score 100/100

Threat Level CRITICAL

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Microsoft login page phishing for credential theft.
• Target: Users of Microsoft services, especially in US government sector
• Method: Fake Microsoft login page stealing email, phone, or Skype credentials.
• Exfil: Unknown, likely to a malicious server controlled by the attacker.
• Indicators: Domain mismatch, unusual domain name (abangaritest.govshn.net) suggesting compromised or malicious registration.
• Risk: CRITICAL - Potential for immediate credential theft, account compromise, and data breach.

🔐 Credential Harvesting Forms

📤 Form Action Targets

https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/a972b02b-2e02-4381-9dda-f8c703e9d5b9/login

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Microsoft

https://login.microsoftonline.us.office.rp1.abangaritest.gov...

Dec 28, 2025

Scan History for login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Found 10 other scans for this domain

http://login.microsoftonline.us.office.rp1.abangar... ? Mar 02, 2026 16:38

http://login.microsoftonline.us.office.rp1.abangar... ? Mar 02, 2026 16:37

https://login.microsoftonline.us.office.rp1.abanga... Microsoft Dec 28, 2025 20:16

https://login.microsoftonline.us.office.rp1.abanga... Microsoft Dec 28, 2025 20:15