# owasxwheks-mph9pg.fly.dev — MALICIOUS

> High-risk phishing site detected at owasxwheks-mph9pg.fly.dev. Avoid entering credentials and report suspicious activity immediately.

## Summary
PhishDestroy identifies owasxwheks-mph9pg.fly.dev as a high-risk phishing domain attempting to impersonate a legitimate web application. Users visiting this site face significant danger of having their personal and login information stolen, which could lead to unauthorized access to email or other sensitive accounts.

This phishing site mimics the appearance of a trusted '0utl00k Web App' to trick users into submitting their credentials. By resolving to IP 66.241.124.91 and flagged by 19 out of 95 security vendors on VirusTotal, it strongly indicates malicious intent. The domain’s suspicious naming and usage pattern are designed to deceive users into believing it is a legitimate service.

If you have visited owasxwheks-mph9pg.fly.dev, immediately change passwords for any accounts that might be affected. Enable two-factor authentication where possible and monitor your accounts for unusual activity. It is also advised to report the incident to your IT department or relevant security authorities to help prevent further attacks.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP ?)
- Page title: 0utl00k Web App

## Domain Intelligence
- Registered: 2026-03-10 13:07:01
- Registrar: REGISTRAR_NOT_FOUND
- IP: 66.241.124.91
- IP Country: US
- IP City: Pitkin
- IP Org: AS40509 Fly.io, Inc.
- Nameservers: NS_NOT_FOUND
- SSL Issuer: Let's Encrypt / E8

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Lionic", "Netcraft", "OpenPhish", "Sophos", "Trustwave", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Live Page Content

### Page Text
0utl00k Web App Email Address: Password: Show password Invalid Password.! Please Enter your correct Password That account doesn't exist. Enter a different account sign in Outlook Please enable cookies for this Web site. Cookies are currently disabled by your browser. Outlook requires that cookies be enabled. For information about how to enable cookies, see the Help for your Web browser. retry

### External Scripts
- https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js
- https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
- https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

### Form Fields
- isUtf8
- submit
- hidden
- checkbox
- password
- email
- flags
- forcedownlevel

### External Links
- https://go.microsoft.com/fwlink/?linkid=2009667&clcid=0x409

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cd799-29c5-726f-be68-dc76cd3829bd.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/ae86b26c-9a2b-41a1-b02d-5cab2eebe19f
- PhishDestroy: https://phishdestroy.io/domain/owasxwheks-mph9pg.fly.dev/
- LLM endpoint: https://phishdestroy.io/domain/owasxwheks-mph9pg.fly.dev/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/owasxwheks-mph9pg.fly.dev/
Last updated: 2026-03-15