EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of outlook-office365.mgamt.com

Detection Info

https://outlook-office365.mgamt.com/landing/form/94860891-05d6-4c26-b80a-5b5e976ada3f
Detected Brand
Microsoft
Country
International
Confidence
95%
HTTP Status
200
Report ID
c082b7c2-471…
Analyzed
2026-02-06 00:16

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T17641A81CD2010346E357EE90F962FBD666140BC0C7134A7C6AB9927AB1CE17553723CD
CONTENT ssdeep
48:n0i0Hls5hwhjO7c2ZgV0jxJF0jIPcU85D4c5hkj0:nfjhh7xg6jxJqjJTt4g5

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9cc97326cc99d98c
VISUAL aHash
0000181818180000
VISUAL dHash
6171333232327c78
VISUAL wHash
1818181c1f1f1fff
VISUAL colorHash
070000001c0
VISUAL cropResistant
6171333232327c78

Code Analysis

Risk Score 50/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester

🔬 Threat Analysis Report

• Threat: Credential Phishing
• Target: Microsoft Users
• Method: Impersonation through a look-alike login page
• Exfil: Unknown, likely to a database controlled by the attackers
• Indicators: Domain mismatch, Form for login credentials
• Risk: HIGH

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain does not belong to Microsoft.
Form for Credentials
The page has a form requesting sensitive information (username and password).
Impersonation
The page tries to impersonate Microsoft's login page.

🔬 Comprehensive Threat Analysis

Threat Type
Credential Harvesting Kit
Target
Microsoft users (International)
Attack Method
Brand impersonation + credential harvesting forms
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
MEDIUM - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester

🏢 Brand Impersonation Analysis

Impersonated Brand
Microsoft
Official Website
null
Fake Service
Microsoft Outlook Login

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attackers are using a fake login page to steal user credentials. When a user enters their information, it is sent to the attackers.

Secondary Method: Social Engineering

The attacker uses the Microsoft branding and interface to trick users to hand over their login information.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
outlook-office365.mgamt.com
Registered
2019-07-11
Registrar
Unknown
Status
Active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Microsoft
https://mgamt.com/landing/form/779d0071-1dcc-4633-902a-d8ea2...
Apr 05, 2026
 Screenshot
Microsoft
https://secure-datalink.org/landing/form/5a7d3a80-9d8f-4fab-...
Apr 05, 2026
 Screenshot
Microsoft
https://secure-datalink.org/landing/form/f5dfd805-5551-46ee-...
Mar 29, 2026
 Screenshot
Microsoft
https://outlook-office365.mgamt.com/landing/form/259885eb-96...
Mar 25, 2026
 Screenshot
Microsoft
https://mgamt.com/landing/form/ede3e395-327d-4ce9-a5ad-714f8...
Mar 25, 2026

Scan History for outlook-office365.mgamt.com

Found 2 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.