Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
Detection Info
https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/go&state=eyjpzci6ija4ngflodi2lwqzntitnda1my05zwi2lwy0ntcxzjfhztq2osisinrzijoxnjqxnjkxmdmwlcjtzxrob2qioijyzwrpcmvjdeludgvyywn0aw9uin0=&nonce=4e0683a8-4523-4576-98a3-feaa52f0ef86&client_info=1&x-client-sku=msal.js&x-client-ver=1.3.4&client-request-id=d3ee0b67-2d68-4797-99cf-338f7272d253&response_mode=fragment&sso_reload=true
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
94ab9450-5c1…
Analyzed
2025-12-28 20:16
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T196A2E971B0106C3B829BC9FEF235D9412B68E244D3478BB5F9AC83CD1DD691CE923669 |
|
CONTENT
ssdeep
|
192:QjJqO7UHx9ZaP72eoxvb5aOLa7QoduQW7EKbhFJZ7fOlQ3yudWYR8G+G:pO7B72eoxrLCQuuz7EAhlGC3yudWWJ+G |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8459717646d9596e |
|
VISUAL
aHash
|
0000383b37373737 |
|
VISUAL
dHash
|
88e4d2d3e5eee6e6 |
|
VISUAL
wHash
|
00003b3f373f3737 |
Code Analysis
Risk Score
100/100
Threat Level
CRITICAL
⚠️ Phishing Confirmed
🎣 Credential Harvester
🎣 OTP Stealer
🎣 Banking
🎣 Personal Info
🔬 Threat Analysis Report
• Threat: Credential harvesting phishing attack
• Target: Microsoft users
• Method: Fake login form stealing email, phone, or Skype credentials
• Exfil: Unknown, likely to a malicious server
• Indicators: Domain mismatch, brand impersonation, suspicious domain extension
• Risk: CRITICAL - Real-time credential theft
🔐 Credential Harvesting Forms
📤 Form Action Targets
- https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/common/login
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Unknown
https://cdn.gosafemode.com/screenshots/0bbe72bae269.png
Jun 02, 2026
Microsoft
https://wizzair.cloud/
May 29, 2026
Microsoft
http://www.hexbroz.com/goffym/
May 29, 2026
Microsoft
https://goff.alccchurch.com/login?method=signin&mode=secure&...
May 29, 2026
Microsoft
https://objectstorage.us-ashburn-1.oraclecloud.com/n/idhi4ea...
May 29, 2026
Scan History for login.microsoftonline.us.office.rp1.abangaritest.govshn.net
Found 10 other scans for this domain
-
http://login.microsoftonline.us.office.rp1.abangar...
http://login.microsoftonline.us.office.rp1.abangar...
http://login.microsoftonline.us.office.rp1.abangar...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
https://login.microsoftonline.us.office.rp1.abanga...
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.