EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats
81 Risk Score

High Risk

Threat Level: ALTO • Impersonating: Microsoft
  • • Threat: Organization Sign-in Phishing
  • • Target: Microsoft users
  • • Method: Fake sign-in page requesting user's credentials
  • • Exfil: Likely credentials, including username and password, sent to attacker-controlled server.
  • • Indicators: Mismatched domain (pub-5c4cef75b08546e281f71e80755c72f1.r2.dev), using Microsoft branding
  • • Risk: HIGH - Potential for credential theft and account compromise

⚠ Risk Factors

  • Brand impersonation of Microsoft on non-official domain
  • Credential harvesting indicators detected
  • OTP/2FA stealing indicators detected

Visual Capture

Screenshot of pub-5c4cef75b08546e281f71e80755c72f1.r2.dev

Detection Info

https://pub-5c4cef75b08546e281f71e80755c72f1.r2.dev/index.html?ebfd60abf8d36190e954f84dc193ba
Detected Brand
Microsoft
Country
International
Confidence
100%
HTTP Status
200
Report ID
d48a6dc7-d36…
Analyzed
2025-12-30 17:17

Content Hashes (HTML Similarity)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T14F218B68E048893747A3D5D9A5A1A35F3AA0878CD7130B056FFC139926DFEA8CD021D9
CONTENT ssdeep
24:n/nTxVx/cIgDETsCVlWJnPKZNPALc756Fl+Nit8zZrAd:ntf/cIgwYCvAIPW8CMiN

Visual Hashes (Screenshot Similarity)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
9b4be68cd933c88c
VISUAL aHash
180018081d1f1fbf
VISUAL dHash
7161717b33717d79
VISUAL wHash
391818081f1f1fff
VISUAL colorHash
07001088040
VISUAL cropResistant
7161717b33717d79

Code Analysis

Risk Score 81/100
Threat Level ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer

🔬 Threat Analysis Report

• Threat: Organization Sign-in Phishing
• Target: Microsoft users
• Method: Fake sign-in page requesting user's credentials
• Exfil: Likely credentials, including username and password, sent to attacker-controlled server.
• Indicators: Mismatched domain (pub-5c4cef75b08546e281f71e80755c72f1.r2.dev), using Microsoft branding
• Risk: HIGH - Potential for credential theft and account compromise

🔒 Obfuscation Detected

  • atob
  • base64_strings

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
Microsoft
https://pub-60feb3b0da144b72b0f8c76714a15abf.r2.dev/index.ht...
Jan 08, 2026
 Screenshot
Microsoft
http://pub-60feb3b0da144b72b0f8c76714a15abf.r2.dev/index.htm...
Jan 02, 2026
 Screenshot
Microsoft
http://pub-60feb3b0da144b72b0f8c76714a15abf.r2.dev/index.htm...
Jan 02, 2026
 Screenshot
Microsoft
https://pub-f8ae05628d044493abc7f11a802215fc.r2.dev/index.ht...
Jan 01, 2026
 Screenshot
Microsoft
https://pub-f8ae05628d044493abc7f11a802215fc.r2.dev/index.ht...
Jan 01, 2026