Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/go&state=eyJpZCI6IjAwMTY4OWQzLWFhNTgtNDRhNi1hZmVhLTA5ODY5YjJmOTY1OSIsInRzIjoxNjQyOTAwNjMyLCJtZXRob2QiOiJyZWRpcmVjdEludGVyYWN0aW9uIn0=&nonce=b1748f17-4eb1-4c58-ba32-5270365b1cbd&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.3.4&client-request-id=a2770175-d1d8-4180-8c7e-b45d56b84e91&response_mode=fragment&sso_reload=true
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
4c52c74b-238…
Analyzed
2025-12-28 20:15
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T151A2E871B0106C3B82DB89FAF235E9412B68E144D2478FB5F9AC83CD19D7D1CE923669 |
|
CONTENT
ssdeep
|
192:QjJqO7UHx9ZaP72eoxvb5aOLa7QoduDarddqNZUUWASWYR8G+G:pO7B72eoxrLCQuuMq8FTWWJ+G |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8459717646d9596e |
|
VISUAL
aHash
|
0000383b37373737 |
|
VISUAL
dHash
|
88e4d2d3e5eee6e6 |
|
VISUAL
wHash
|
00003b3f373f3737 |
Code Analysis
Risk Score
100/100
Threat Level
CRITICAL
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Credential harvesting phishing attack targeting Microsoft users.
• Target: Individuals using Microsoft services (email, Skype).
• Method: Presents a fake Microsoft login page to steal email addresses and passwords.
• Exfil: Likely sends the stolen credentials to a malicious server.
• Indicators: The domain is not a Microsoft domain. It contains suspicious-looking components and is not affiliated with the official Microsoft website. The Microsoft logo is used without authorization.
• Risk: HIGH - Potential for immediate credential theft and account compromise.
🔐 Credential Harvesting Forms
📤 Form Action Targets
- https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/common/login
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://cdn.gosafemode.com/screenshots/0bbe72bae269.png
Jun 02, 2026
Microsoft
https://wizzair.cloud/
May 29, 2026
Microsoft
http://www.hexbroz.com/goffym/
May 29, 2026
Microsoft
https://goff.alccchurch.com/login?method=signin&mode=secure&...
May 29, 2026
Microsoft
https://objectstorage.us-ashburn-1.oraclecloud.com/n/idhi4ea...
May 29, 2026
Scan History for login.microsoftonline.us.office.rp1.abangaritest.govshn.net
Found 10 other scans for this domain
-
http://login.microsoftonline.us.office.rp1.abangar...
http://login.microsoftonline.us.office.rp1.abangar...
http://login.microsoftonline.us.office.rp1.abangar...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.