EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Visual Capture

Screenshot of login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Detection Info

https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/organizations/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=5e3ce6c0-2b1f-4285-8d4b-75ee78787346&redirect_uri=https://gov.teams.microsoft.us.office.rp1.abangaritest.govshn.net/go&state=eyjpzci6ijawmty4owqzlwfhntgtndrhni1hzmvhlta5ody5yjjmoty1osisinrzijoxnjqyotawnjmylcjtzxrob2qioijyzwrpcmvjdeludgvyywn0aw9uin0=&nonce=b1748f17-4eb1-4c58-ba32-5270365b1cbd&client_info=1&x-client-sku=msal.js&x-client-ver=1.3.4&client-request-id=a2770175-d1d8-4180-8c7e-b45d56b84e91&response_mode=fragment&sso_reload=true
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
c9aea964-5b2…
Analyzed
2025-12-28 20:16

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T1DFA2F8B1B0106C3B869BD9FAF235D9016768E144D2078FB5F9AC87CD19D382CE973629
CONTENT ssdeep
192:ij7qO7UHp9zaP72eoxvb5aOLa7Qodu8E+4NEaZzymYw74lMmWYx8G+G:1O7T72eoxrLCQuu8E+AEeymYdWsJ+G

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
8459717646d9596e
VISUAL aHash
0000383b37373737
VISUAL dHash
88e4d2d3e5eee6e6
VISUAL wHash
00003b3f373f3737

Code Analysis

Risk Score 100/100
Threat Level CRITICAL
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Threat: Credential harvesting phishing attack
• Target: Microsoft users
• Method: Fake Microsoft login page to steal credentials (email, phone, or Skype and password)
• Exfil: Unknown, likely a custom API or database controlled by the attacker
• Indicators: Domain mismatch, suspicious domain name, login form present
• Risk: CRITICAL - Real-time credential theft possible

🔐 Credential Harvesting Forms

📤 Form Action Targets

  • https://login.microsoftonline.us.office.rp1.abangaritest.govshn.net/common/login

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Unknown
https://cdn.gosafemode.com/screenshots/0bbe72bae269.png
Jun 02, 2026
 Screenshot
Microsoft
https://wizzair.cloud/
May 29, 2026
 Screenshot
Microsoft
http://www.hexbroz.com/goffym/
May 29, 2026
 Screenshot
Microsoft
https://goff.alccchurch.com/login?method=signin&mode=secure&...
May 29, 2026
 Screenshot
Microsoft
https://objectstorage.us-ashburn-1.oraclecloud.com/n/idhi4ea...
May 29, 2026

Scan History for login.microsoftonline.us.office.rp1.abangaritest.govshn.net

Found 10 other scans for this domain

😰
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.