Phishing Analysis
Detailed analysis of captured phishing page
58
Risk Score
Medium Risk
Threat Level: ALTO
• Impersonating: Microsoft Outlook
- • Threat: Credential harvesting phishing kit targeting Outlook users
- • Target: Outlook users
- • Method: Fake login form designed to steal email and password
- • Exfil: Data is likely sent to a PHP script on a Brazilian domain (pucminas.br.php) based on the form action.
- • Indicators: Domain mismatch, obfuscated JavaScript, and form submission to a non-Outlook domain.
- • Risk: HIGH - Immediate credential theft
⚠ Risk Factors
- Brand impersonation of Microsoft Outlook on non-official domain
- Contains 1 form(s) with JavaScript submission
- Credential harvesting indicators detected
Visual Capture
Detection Info
http://ilanrubinmusic.com/wp-admin/user/outlook-uni-oldenburg.html
Detected Brand
Microsoft Outlook
Country
International
Confidence
99%
HTTP Status
200
Report ID
7aff1679-c37…
Analyzed
2026-01-02 14:15
Final URL (after redirects)
https://ilanrubinmusic.com/wp-admin/user/outlook-uni-oldenburg.html
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D551CD61905ABC339113E1F8AAE4AB8B7197C305C687290953F4C36C1EE3C4DDFA6629 |
|
CONTENT
ssdeep
|
48:+GUJhhzaz9d9zTOiyXKPWYxnTa26YXAPy9uil2M7ay6BLPHwutV6:e8z93+KPWYxnObBy9uigMeBFPwO6 |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
83f67f09090999fc |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
d0cccccdd0d0d0d0 |
|
VISUAL
wHash
|
3f27373f3f000000 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
a09c989a80808080,f184acb6b6ac84f3,0e71710e20000000 |
Code Analysis
Risk Score
58/100
Threat Level
ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester
🔬 Threat Analysis Report
• Threat: Credential harvesting phishing kit targeting Outlook users
• Target: Outlook users
• Method: Fake login form designed to steal email and password
• Exfil: Data is likely sent to a PHP script on a Brazilian domain (pucminas.br.php) based on the form action.
• Indicators: Domain mismatch, obfuscated JavaScript, and form submission to a non-Outlook domain.
• Risk: HIGH - Immediate credential theft
🔐 Credential Harvesting Forms
🔒 Obfuscation Detected
- document.write
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Outlook
https://pub-16499d352cc14fe4b8cdf064bb205547.r2.dev/4outmana...
Jan 09, 2026
Outlook
https://pub-7fba1b15f67c48dab9fed7ef0dc5513b.r2.dev/OWA-Oulo...
Jan 09, 2026
Outlook
https://pub-57101e7d7e08497bb50a165ee30ff8d4.r2.dev/01.html
Jan 09, 2026
Outlook
https://pub-ba357d95075c4d879b3d01b38b24ecc6.r2.dev/owa-weba...
Jan 09, 2026
Outlook
https://pub-24c17749b70d42d8b2b5534e6ad64fdb.r2.dev/owa-web....
Jan 09, 2026
Scan History for ilanrubinmusic.com
Found 1 other scan for this domain