Phishing domain shown in the article image used as part of the ConsentFix OAuth token theft flow, spoofing Microsoft Entra branding to trick users into dragging a localauth callback link into a drop zone.