
Microsoft phishing & impersonation
Tech & Cloud · microsoft.com
Impersonation sightings: 13
Distinct hosts: 12
Last detected: 2026-07-02
Official domains: 13
ScanMalware watches every scanned site for signs it is impersonating Microsoft — the brand name in the page title or screenshot text, the brand's logo/favicon on a non-official host, and lookalike domains. A match on a host outside Microsoft's official domains is recorded below.
Official domains
microsoft.com, aka.ms, azure.com, live.com, microsoftonline.com, microsoftonline.us, msauth.net, msftauth.net, office.com, office365.com, outlook.com, sharepoint.com, windows.net
Also known as
outlook, office 365, hotmail, live.com, onedrive, sharepoint
Detected impersonation sites
| Host | Title | Detected by | Verdict | Date |
|---|---|---|---|---|
| verificacion-029--tucuenta0102.replit.app | Iniciar | Page text | Medium Risk | 2026-07-02 |
| disc-aqua-e56n.squarespace.com | Microsoft \| Excel SpreadSheet | Page text | Low Risk | 2026-07-02 |
| order-request-a-654532.vercel.app | My Files - Sharepoint | Page text | Malicious | 2026-07-02 |
| offf-1-c-365-seg--assesortcn365.replit.app | Iniciar | Page text | Low Risk | 2026-07-01 |
| ingrsing.webcindario.com | Outlook Verification | Page text | Malicious | 2026-07-01 |
| jimcooks211.github.io | Microsoft Personal Account | Page text | Malicious | 2026-07-01 |
| pub-de59803496c8489585895b6917266e7c.r2.dev | Files \| OneDrive | Page text | Low Risk | 2026-07-01 |
| mynah.pages.dev | Microsoft SharePoint \| File Share | Page text | Low Risk | 2026-07-01 |
| pub-d44e201c1f3e400586cb81b0f2d48f61.r2.dev | Credentials | Page text | Malicious | 2026-07-01 |
| zilotti.com | Sign in to your account | Page text | Malicious | 2026-07-01 |
| gcpu-f2ej-mr21.philip-turnkeytalk-com-s-account.workers.dev | Adobe Acrobat Sign | Page text | High Risk (IDS: ET PHISHING Generic Device Code Landing Page 2026-04-07 +1 more) | 2026-07-01 |
| gcpu-f2ej-mr21.philip-turnkeytalk-com-s-account.workers.dev | Adobe Acrobat Sign | Page text | Low Risk | 2026-07-01 |
| id.atlassian.com | Log in to continue - Log in with Atlassian account | Page text | Low Risk | 2026-07-01 |