Phishing sites are created by relatively low skilled threat actors who rely heavily on copying from other phishing kits.
This means you'll often see the same assets (images, scripts, etc.) used across multiple similar phishing kits. We use this to detect a set of Microsoft scams.
This is a companion discussion topic for the original entry at https://phish.report/iok/learn/040-suspcious-filenames