SafeMode - Analysis: owa.cordblood.com

Visual Capture

Detection Info

https://owa.cordblood.com/

Detected Brand

Microsoft Outlook

Country

International

Confidence

95%

HTTP Status

200

Report ID

6c0d389d-1da…

Analyzed

2025-12-31 02:21

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T1CD51F1A080186C33A113E2FCA7E06A9B7787CA068A87254953F0C3BD1FF7C49DD56619
CONTENT ssdeep	48:2STw/JaFoEvU6zWQ8CEoT8QI15xqeZZZsw2rZEhgcMKdD/Inon1LP5CnMHU:NdA6zWHy8QI15xq+ZwZEXMKdDAoBxaD

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	83e67f0103039bfe
VISUAL aHash	3f3f3f3f3f3f3f3f
VISUAL dHash	d0c6ccd8d0d0d0d0
VISUAL wHash	3f233f3f3f000000
VISUAL colorHash	060000001c0
VISUAL cropResistant	808c989080808080,f184acb6b6ac84f3,0e71710e20000000

Code Analysis

Risk Score 58/100

Threat Level ALTO

⚠️ Phishing Confirmed

🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing targeting Microsoft Outlook Web App users
• Target: Users of the domain cordblood.com who try to access their Outlook accounts.
• Method: The page presents a fake Outlook Web App login page, attempting to steal the user's domain username and password.
• Exfil: The destination of the stolen credentials is unknown but likely directed to a malicious server.
• Indicators: The domain cordblood.com is used instead of an official Microsoft domain. A standard Outlook Web App login page is presented.
• Risk: HIGH - This is a clear attempt to steal credentials.