SafeMode - Analysis: login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Visual Capture

Screenshot of login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Detection Info

https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https:/gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/go&state=eyjpzci6ija4ngflodi2lwqzntitnda1my05zwi2lwy0ntcxzjfhztq2osisinrzijoxnjqxnjkxmdmwlcjtzxrob2qioijyzwrpcmvjdeludgvyywn0aw9uin0=&nonce=4e0683a8-4523-4576-98a3-feaa52f0ef86&client_info=1%252

Detected Brand

Microsoft

Country

International

Confidence

100%

HTTP Status

200

Report ID

82645aa5-581…

Analyzed

2025-12-28 20:15

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm	Hash Value
CONTENT TLSH	T10D52A6B0B040382FC29BC6FDF275F5411BA69204D206CB76ED9DC69D19E6928ED63710
CONTENT ssdeep	192:sjJ6YxHW9Zc7nQF4ER5nzimowUAO5PUISokAieQAlz8G+J:vYl7nY4Ev1UNUIzkjeQaJ+J

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm	Hash Value
VISUAL pHash	835974734c667339
VISUAL aHash	001c0c3f3f2f3737
VISUAL dHash	88f0d8ebdbd8e6e6
VISUAL wHash	00180c3f3f2f3f37

Code Analysis

Risk Score 100/100

Threat Level CRITICAL

⚠️ Phishing Confirmed

🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Microsoft login page phishing
• Target: Microsoft users
• Method: Displaying a fake Microsoft login page to potentially harvest credentials if a form was present (none are visible)
• Exfil: Unknown as there are no form elements to extract
• Indicators: Unofficial domain 'login.microsoftonline.us.office.rp1.abangaritest.govshn.net'
• Risk: HIGH - Credential theft if a form was present