Security Scan Report: dfsffsinfo.nml.com

Redirected to:
https://login.microsoftonline.com/aa827ac4-4665-4dbb-98fa-fa4931a84709...
Submitted: Apr 16, 2026, 1:09:59 PMCompleted: Apr 16, 2026, 1:11:12 PMpubliccompleted
Loading additional data...

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 1 HTTP transaction. The main domain is login.microsoftonline.com and was registered NaN years ago.

Submitted URL: https://dfsffsinfo.nml.com

Effective URL: https://login.microsoftonline.com/aa827ac4-4665-4dbb-98fa-fa4931a84709/oauth2/authorize?response_type=code&client_id=f91a035c-056c-4662-9a4a-e402cf713378&scope=openid&nonce=f0db90c0-fd9a-421d-9806-53199397d52d&redirect_uri=https%3a%2f%2fdfsffsinfo.nml.com%2f&state=AppProxyState%3a%7b%22InvalidTokenRetry%22%3anull%2c%22IsMsofba%22%3afalse%2c%22OriginalRawUrl%22%3a%22https%3a%5c%2f%5c%2fdfsffsinfo.nml.com%5c%2f%22%2c%22RequestProfileId%22%3anull%2c%22SessionId%22%3a%2294f61ea9-c29d-47a3-978b-769b92e166a5%22%7d%23EndOfStateParam%23&client-request-id=94f61ea9-c29d-47a3-978b-769b92e166a5&claims=%7b%22id_token%22%3a%7b%22xms_cc%22%3a%7b%22values%22%3a%5b%22CP1%22%5d%7d%7d%7d&sso_reload=trueRedirected

The Cisco Umbrella rank of the primary domain is #185,300 of the top 1 million websites

AI Security Verdict

Low Risk

Confidence: 92%

2
Risk Score

Phishing page impersonating Northwestern Mutual, harvesting credentials via a cross‑origin Microsoft login form.

Risk Factors
Brand impersonation
External form submission to a different domain
Low domain ranking for brand claim
High‑entropy, heavily obfuscated JavaScript
Safety Factors
Domain age > 28 years (well‑established)
No Indicators of Compromise matches
No YARA malware detections
No network IDS alerts
Page served from an identity-provider sign-in endpoint (login.microsoftonline.com); a relying-party brand and login form here are normal SSO, not impersonation — risk clamped from 9 to 2
Domain age information unavailable

Details

Page Title

Sign in to your account

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

government public service

(46%)

Domain Information

Within the commercial generic top-level domain (.com), 'dfsffsinfo.nml.com' is registered with subdomain 'dfsffsinfo'. The registrable portion 'nml' spans 3 characters split between 0 vowels and three consonants. Segmentation suggests two words: n, ml. Expect 1.5 characters per word on average. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://dfsffsinfo.nml.com

Page Load Overview

1.73s
Total Load Time
30
HTTP Requests
7
Domains
538 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:357 chars
Detector Agreement:67%

Website Classification

Primary Category

government public service46% confidence
Type: webapp
Method: ml+structural

All Detected Categories

government public service
46%

Detected Features

Login Form
Search

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
613.107.246.44United States
AS8075Microsoft Corporation
4172.172.255.228Washington, Virginia, United States
AS8075Microsoft Corporation
420.190.160.5IrelandUnknown
440.126.31.69GermanyUnknown
423.207.210.132Frankfurt am Main, Hesse, Germany
AS20940Akamai International B.V.
420.189.173.14UnknownUnknown
420.190.160.17UnknownUnknown
307--

Detected Technologies4

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1DA836CEA7E722837868A45B5B5BA7D02AE3759039C08CD60F18CC9883FFB64D4137653

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:jo8GLG21mT9MVprMoIyEk77gx2xpTvPoMmCBnEh/UiCM5C:s8WmT9mlMJ32RAumC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:85928:IgAEFkwIAMOEkslIEQA4WFG8oCwOQBlUgjFXSog4KOOEWDhSWUoeBJGFaQJBIIIgYDtMxIANBUVEAAQYAIKCGSWDsQIB+rAq

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0018181818180000
Perceptual Hash:8ccc337366669999
Difference Hash:4cb2b2b2b2b2320d
Wavelet Hash:0c1c3c3c3c3c3d3d
Color Hash:#ac53a8

Scan History

Scan history not available

Unable to load historical scan data