EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of forms.visme.co

Detection Info

https://forms.visme.co/fv/p9ngqzzw-dn6kp7
Detected Brand
Microsoft Outlook
Country
International
Confidence
100%
HTTP Status
200
Report ID
c492fdab-fa4…
Analyzed
2026-02-25 10:07

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1FC0253316102251712070CA8F1F76B2E6B57830EDE0318A462BA47F9EFDECF57694389
CONTENT ssdeep
192:G0YO+nQEHJxJtq6XFlQn7N4eg1ILLS+n7N9g1jRLLsn7NRg12LLnnerVJ:6BnQYJtfQnCegYBnDgnsnbgunqJ

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
83390027ffdf00cf
VISUAL aHash
3f2f3f3f3f273f3f
VISUAL dHash
d4dcd050d6ced0d4
VISUAL wHash
07030f1f1f033b3f
VISUAL colorHash
060000001c0
VISUAL cropResistant
2c2cb0e02c2dc0a8,931430969cb01491,00c0304800b00000

Code Analysis

Risk Score 85/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Impersonation phishing
• Target: Microsoft Outlook users
• Method: Credential harvesting through fake login form.
• Exfil: Data submitted through form.
• Indicators: Mismatched domain, hosted on Visme forms, Obfuscation detected.
• Risk: High

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • unescape
  • hex_escape
  • unicode_escape
  • base64_strings

📡 API Calls Detected

  • POST
  • GET
  • get

📊 Risk Score Breakdown

Total Risk Score
90/100

Contributing Factors

Domain Mismatch
The domain `forms.visme.co` is unrelated to Microsoft.
Form on Unrelated Platform
The login form is hosted on Visme Forms instead of an official Microsoft service.
Obfuscation Detected
Obfuscation techniques were detected in the Javascript code. This is often used to hide malicious behavior.

🔬 Comprehensive Threat Analysis

Threat Type
Banking Credential Harvester
Target
Microsoft Outlook users (International)
Attack Method
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Exfiltration Channel
Form submission (backend endpoint not detected - likely JavaScript-based)
Risk Assessment
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 1458 obfuscation techniques

🏢 Brand Impersonation Analysis

Impersonated Brand
Microsoft Outlook
Official Website
https://outlook.live.com/
Fake Service
Microsoft Outlook Login

⚔️ Attack Methodology

Primary Method: Credential Harvesting

The attacker is using a fake login form that mimics Microsoft Outlook to steal users' email addresses and passwords. Once the user enters their credentials, they are sent to the attacker.

Secondary Method: Phishing

The attacker likely sent an email with a link to this fake login page to trick users into entering their credentials.

🌐 Infrastructure Indicators of Compromise

Domain Information

Domain
forms.visme.co
Registered
2014-01-03
Registrar
Namecheap, Inc.
Status
ACTIVE

🤖 AI-Extracted Threat Intelligence

Scan History for forms.visme.co

Found 10 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.